vx3r
Reputation: 295
Is libwebp 0.3.0-3 used by pillow on Centos 7 concerned by CVE-2020-36328?
We scanned the same host (a CentOS Linux release 7.6.1810 (Core)) with two vulnerability scanners (Nessus and Rapid7).
- Rapid7 reported that
libwebp-0:0.3.0-7.el7.x86_64is vulnerable CVE-2020-36328. - Nessus did not report a vulnerability, the plugin CentOS 7 : qt5-qtimageformats (CESA-2021:2328) did not fire.
The installed library (libwebp-0:0.3.0-7.el7.x86_64) is used by python-pillow-0:2.0.0-19.gitd1c6db8.el7.x86_64 and not by qt5-qtimageformats (against which the test is done)
My question: which one these two scanners is reporting correct information?
Or in other words: is this vulnerability strictly linked to the package that uses it, or is a standalone library vulnerable as well?
Upvotes: 1
Views: 200
Answers (0)
Related Questions
- Can't install Pillow on centos
- Upgrading pillow from version 8.3.2-> 9.1.1
- KeyError: 'WEBP' in Pillow 7.2.0 on Ubuntu 20.04 with already installed libwebp-dev
- WEBP support not installed error with Pillow included in Anaconda
- How to install Pillow on Python 3.5?
- upgrade pillow suggested, but then already up-to-date
- Why do I get an error when installing Pillow 3.0.0 on Ubuntu?
- How to install Pillow For Python 3.5
- Installing Pillow on Python 2.7
- Using webp images with Pillow 2.2.2 or 2.3.0