Vulnerability details: VCID-jwr6-nxcq-cfaz
Vulnerability ID VCID-jwr6-nxcq-cfaz
Aliases BIT-pillow-2020-10177
CVE-2020-10177
GHSA-cqhg-xjhh-p8hf
PYSEC-2020-76
Summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10177.json
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2020-10177
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
generic_textual HIGH https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
cvssv3.1 5.5 https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-76.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-76.yaml
cvssv3.1 5.5 https://github.com/python-pillow/Pillow
generic_textual HIGH https://github.com/python-pillow/Pillow
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/00c6dd72d9ed0124cec81040b4bab0979a200fe2
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/00c6dd72d9ed0124cec81040b4bab0979a200fe2
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/088ce4df981b70fbec140ee54417bcb49a7dffca
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/088ce4df981b70fbec140ee54417bcb49a7dffca
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/11ef7ca53a7d0af4bc52666c29199deffa5fc1bd
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/11ef7ca53a7d0af4bc52666c29199deffa5fc1bd
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/19ff42bd683486a8a308743c76972ef6a6482e9b
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/19ff42bd683486a8a308743c76972ef6a6482e9b
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/5b490fc413dfab2d52de46a58905c25d9badb650
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/5b490fc413dfab2d52de46a58905c25d9badb650
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/8d4f3c0c5f2fecf175aeb895e9c2d6d06d85bdc9
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/8d4f3c0c5f2fecf175aeb895e9c2d6d06d85bdc9
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/c5edc361fd6450f805a6a444723b0f68190b1d0c
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/c5edc361fd6450f805a6a444723b0f68190b1d0c
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/c66d8aa75436f334f686fe32bca8e414bcdd18e6
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/c66d8aa75436f334f686fe32bca8e414bcdd18e6
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/c88b0204d7c930e3bd72626ae6ea078571cc0ea7
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/c88b0204d7c930e3bd72626ae6ea078571cc0ea7
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commit/f6926a041b4b544fd2ced3752542afb6c8c19405
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/f6926a041b4b544fd2ced3752542afb6c8c19405
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/commits/master/src/libImaging
generic_textual HIGH https://github.com/python-pillow/Pillow/commits/master/src/libImaging
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/issues/4750
generic_textual HIGH https://github.com/python-pillow/Pillow/issues/4750
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/pull/4503
generic_textual HIGH https://github.com/python-pillow/Pillow/pull/4503
cvssv3.1 5.5 https://github.com/python-pillow/Pillow/pull/4538
generic_textual HIGH https://github.com/python-pillow/Pillow/pull/4538
cvssv3.1 5.5 https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
cvssv3.1 5.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
cvssv3.1 5.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10177
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10177
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2020-10177
cvssv3.1 5.5 https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
generic_textual HIGH https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
cvssv3.1 5.5 https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
generic_textual HIGH https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
cvssv3.1 5.5 https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
generic_textual HIGH https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
cvssv3.1 5.5 https://usn.ubuntu.com/4430-1
generic_textual HIGH https://usn.ubuntu.com/4430-1
cvssv3.1 5.5 https://usn.ubuntu.com/4430-2
generic_textual HIGH https://usn.ubuntu.com/4430-2
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10177.json
https://api.first.org/data/v1/epss?cve=CVE-2020-10177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-76.yaml
https://github.com/python-pillow/Pillow
https://github.com/python-pillow/Pillow/commit/00c6dd72d9ed0124cec81040b4bab0979a200fe2
https://github.com/python-pillow/Pillow/commit/088ce4df981b70fbec140ee54417bcb49a7dffca
https://github.com/python-pillow/Pillow/commit/11ef7ca53a7d0af4bc52666c29199deffa5fc1bd
https://github.com/python-pillow/Pillow/commit/19ff42bd683486a8a308743c76972ef6a6482e9b
https://github.com/python-pillow/Pillow/commit/5b490fc413dfab2d52de46a58905c25d9badb650
https://github.com/python-pillow/Pillow/commit/8d4f3c0c5f2fecf175aeb895e9c2d6d06d85bdc9
https://github.com/python-pillow/Pillow/commit/b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44
https://github.com/python-pillow/Pillow/commit/c5edc361fd6450f805a6a444723b0f68190b1d0c
https://github.com/python-pillow/Pillow/commit/c66d8aa75436f334f686fe32bca8e414bcdd18e6
https://github.com/python-pillow/Pillow/commit/c88b0204d7c930e3bd72626ae6ea078571cc0ea7
https://github.com/python-pillow/Pillow/commit/f6926a041b4b544fd2ced3752542afb6c8c19405
https://github.com/python-pillow/Pillow/commits/master/src/libImaging
https://github.com/python-pillow/Pillow/issues/4750
https://github.com/python-pillow/Pillow/pull/4503
https://github.com/python-pillow/Pillow/pull/4538
https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://nvd.nist.gov/vuln/detail/CVE-2020-10177
https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
https://usn.ubuntu.com/4430-1
https://usn.ubuntu.com/4430-1/
https://usn.ubuntu.com/4430-2
https://usn.ubuntu.com/4430-2/
1852824 https://bugzilla.redhat.com/show_bug.cgi?id=1852824
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
RHSA-2021:0420 https://access.redhat.com/errata/RHSA-2021:0420
USN-4697-2 https://usn.ubuntu.com/4697-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10177.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-76.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/00c6dd72d9ed0124cec81040b4bab0979a200fe2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/088ce4df981b70fbec140ee54417bcb49a7dffca
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/11ef7ca53a7d0af4bc52666c29199deffa5fc1bd
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/19ff42bd683486a8a308743c76972ef6a6482e9b
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/5b490fc413dfab2d52de46a58905c25d9badb650
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/8d4f3c0c5f2fecf175aeb895e9c2d6d06d85bdc9
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/c5edc361fd6450f805a6a444723b0f68190b1d0c
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/c66d8aa75436f334f686fe32bca8e414bcdd18e6
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/c88b0204d7c930e3bd72626ae6ea078571cc0ea7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commit/f6926a041b4b544fd2ced3752542afb6c8c19405
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/commits/master/src/libImaging
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/issues/4750
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/pull/4503
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/python-pillow/Pillow/pull/4538
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-10177
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-10177
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://usn.ubuntu.com/4430-1
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://usn.ubuntu.com/4430-2
Exploit Prediction Scoring System (EPSS)
Percentile 0.51247
EPSS Score 0.00282
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:04.564288+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2020-76.yaml 37.0.0