Bug 811450 (CVE-2021-23437) - <dev-python/pillow-8.3.2: buffer overflow due to color specifiers (?)
Status: RESOLVED FIXED
Alias: CVE-2021-23437
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 811453
Blocks: CVE-2021-34552
Reported: 2021-09-02 20:41 UTC by Michał Górny
Modified: 2022-11-22 04:05 UTC
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-09-02 20:41:37 UTC
Apparently the CVE has not been published yet, but the changelog says:

+- CVE-2021-23437 Raise ValueError if color specifier is too long
+  [hugovk, radarhere]
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-03 18:41:07 UTC
CVE says it's a ReDoS.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-11-14 03:27:26 UTC
Please clean up
Comment 3 Larry the Git Cow gentoo-dev 2021-11-14 08:16:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=489350a86a27cbf30814583641081d7f76bad69a

commit 489350a86a27cbf30814583641081d7f76bad69a
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-11-14 08:08:10 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-11-14 08:16:38 +0000

    dev-python/pillow: Remove old
    
    Bug: https://bugs.gentoo.org/811450
    Bug: https://bugs.gentoo.org/802090
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-python/pillow/Manifest            |  3 --
 dev-python/pillow/pillow-8.2.0.ebuild | 98 -----------------------------------
 dev-python/pillow/pillow-8.3.0.ebuild | 98 -----------------------------------
 dev-python/pillow/pillow-8.3.1.ebuild | 98 -----------------------------------
 4 files changed, 297 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-11-14 14:32:52 UTC
Thanks!
Comment 5 filip ambroz 2022-01-10 16:54:19 UTC
There are new bugs affecting versions < 9.0.0: https://bugs.gentoo.org/830934
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-14 21:15:23 UTC
GLSA request filed
Comment 7 Larry the Git Cow gentoo-dev 2022-11-22 04:01:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=65e54c1c2d5aa2b4a2012ca5e8d6771961ac4118

commit 65e54c1c2d5aa2b4a2012ca5e8d6771961ac4118
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-11-22 03:53:26 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-22 03:59:40 +0000

    [ GLSA 202211-10 ] Pillow: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/802090
    Bug: https://bugs.gentoo.org/811450
    Bug: https://bugs.gentoo.org/830934
    Bug: https://bugs.gentoo.org/832598
    Bug: https://bugs.gentoo.org/855683
    Bug: https://bugs.gentoo.org/878769
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202211-10.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-22 04:05:50 UTC
GLSA released, all done!