CVE-2020-35655

Publication date

2021-01-12 08:08:47

Family

mitre

State

PUBLISHED

Description

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.