{
  "threat_severity" : "Moderate",
  "public_date" : "2021-07-13T00:00:00Z",
  "bugzilla" : {
    "description" : "python-pillow: Buffer overflow in image convert function",
    "id" : "1982378",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1982378"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.", "A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the \"convert()\" or \"ImagingConvertTransparent()\" functions in Convert.c. The highest threat to this vulnerability is to system availability.\nIn Red Hat Quay, a vulnerable version of python-pillow is shipped with quay-registry-container, however the invoice generation feature which uses python-pillow is disabled by default. Therefore impact has been rated Moderate." ],
  "statement" : "Due to the compiler options used, the buffer overflow is detected and the impact is lowered to a crash only. Additionally, the \"mode\" parameter has to be attacker controlled, which is considered a rare case.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-11-09T00:00:00Z",
    "advisory" : "RHSA-2021:4149",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python-pillow-0:5.1.1-16.el8"
  }, {
    "product_name" : "Red Hat Quay 3",
    "release_date" : "2021-10-19T00:00:00Z",
    "advisory" : "RHSA-2021:3917",
    "cpe" : "cpe:/a:redhat:quay:3::el8",
    "package" : "quay/quay-rhel8:v3.6.0-62",
    "impact" : "moderate"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-34552\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-34552\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow" ],
  "name" : "CVE-2021-34552",
  "mitigation" : {
    "value" : "To mitigate this flaw on Red Hat Quay, keep the invoice generation feature disabled, as it is by default.\nRed Hat Satellite 6.9 customers can apply following hotfix to eliminate the vulnerability warnings.\n* Download python2-daemon-2.1.2-7.1.HFRHBZ1998199.el7sat.noarch.rpm from https://bugzilla.redhat.com/attachment.cgi?id=1819471\n* Stop services:\n# satellite-maintain service stop\n* Upgrade python2-daemon and remove affected package\n# rpm -Uvh python2-daemon-2.1.2-7.1.HFRHBZ1998199.el7sat.noarch.rpm\n# yum remove python-pillow\n* Restart services:\n# satellite-maintain service start\nSatellite 6.10 future release is also fixing this.",
    "lang" : "en:us"
  },
  "csaw" : false
}