libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
Upstream patch: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
References: https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
Created python-pillow tracking bugs for this issue: Affects: fedora-all [bug 1789541] Created python3-pillow tracking bugs for this issue: Affects: epel-7 [bug 1789542]
While Red Hat Quay includes python-pillow, it is not used; therefore this issue is rated moderate for Red Hat Quay.
Function ImagingFliDecode() in FliDecode.c uses a buffer `buf` of `bytes` bytes as input. However, it tries to read 2 bytes from `buf+4` when it was only checked that the buffer contained at least 4 bytes. If the size of the buffer is 4, for example, the additional 2 bytes would be read from the memory after the allocated buffer. This can result in an out-of-bounds read, which could be used to leak some memory data from the program or, at most, make it crash.
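The following is an added illustration of the bounds-check pattern described in the comment above; it is not Pillow's code. It assumes a simplified chunk header with a 4-byte little-endian size at offset 0 and a 2-byte little-endian type at offset 4, and shows the flawed check (only 4 bytes verified before reading at offset 4) next to a version that requires the full header and validates the size field against the bytes actually available.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Pillow's code: a simplified FLI-style chunk-header
 * reader. Assumed layout: 4-byte little-endian chunk size at offset 0,
 * 2-byte little-endian chunk type at offset 4, so a header is 6 bytes. */
#define HEADER_LEN 6

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* The flawed shape the comment describes: 4 bytes are verified, then 2 more
 * are read at offset 4. With bytes == 4 or 5 that read runs off the end of
 * buf. Shown for contrast only; it is never called with short input here. */
int read_type_unchecked(const uint8_t *buf, size_t bytes, uint16_t *type) {
    if (bytes < 4) return -1;
    *type = rd_le16(buf + 4); /* over-read when bytes < 6 */
    return 0;
}

/* Hardened version: every byte the header reads must lie inside [buf, buf+bytes).
 * Returns 0 on success, -1 if the header is truncated, -2 if the chunk's own
 * size field is inconsistent with the data actually available. */
int read_chunk_header(const uint8_t *buf, size_t bytes, uint32_t *size, uint16_t *type) {
    if (buf == NULL || bytes < HEADER_LEN) return -1;
    *size = rd_le32(buf);
    if (*size < HEADER_LEN || *size > bytes) return -2;
    *type = rd_le16(buf + 4);
    return 0;
}

/* Constructed samples: a consistent 6-byte header (size 6, type 0x000B) and
 * one whose size field (256) claims far more data than the buffer holds. */
static const uint8_t SAMPLE_HDR[HEADER_LEN]       = {0x06, 0x00, 0x00, 0x00, 0x0B, 0x00};
static const uint8_t SAMPLE_OVERSIZED[HEADER_LEN] = {0x00, 0x01, 0x00, 0x00, 0x0B, 0x00};

/* Runs the hardened reader over a view of `bytes` bytes and returns its code. */
int header_result(const uint8_t *buf, size_t bytes) {
    uint32_t size; uint16_t type;
    return read_chunk_header(buf, bytes, &size, &type);
}

int main(void) {
    for (size_t n = 3; n <= HEADER_LEN; n++)
        printf("bytes=%zu -> %d\n", n, header_result(SAMPLE_HDR, n));
    printf("oversized size field -> %d\n", header_result(SAMPLE_OVERSIZED, HEADER_LEN));
    return 0;
}
```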
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3185 https://access.redhat.com/errata/RHSA-2020:3185
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-5313
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3887 https://access.redhat.com/errata/RHSA-2020:3887
This issue has been addressed in the following products: Red Hat Quay 3 Via RHSA-2021:0420 https://access.redhat.com/errata/RHSA-2021:0420