{"fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt ), devel (development) and doc (documentation). ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-15T01:08:24", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: python-pillow-7.0.0-7.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-2792", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923"], "modified": "2021-03-15T01:08:24", "id": "FEDORA:21BF2304C3C6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JGWRX3VN5IZP6CVDYDVCY5GPQ52PE6Q3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Python image 
processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt ), devel (development) and doc (documentation). ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-15T01:20:06", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: python-pillow-7.2.0-5.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-2792", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923"], "modified": "2021-03-15T01:20:06", "id": "FEDORA:9CF4630A20A5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Python image processing library, fork of the Python Imaging Library (PIL) This library provides 
extensive file format support, an efficient internal representation, and powerful image processing capabilities. This is a minimal compatibility package for https://pagure.io/fesco/issue/2266 ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-15T01:08:23", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: python2-pillow-6.2.2-5.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-2792", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923"], "modified": "2021-03-15T01:08:23", "id": "FEDORA:962C5304C2CB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image 
processing capabilities. This is a minimal compatibility package for https://pagure.io/fesco/issue/2266 ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-15T01:20:06", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: python2-pillow-6.2.2-5.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-2792", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923"], "modified": "2021-03-15T01:20:06", "id": "FEDORA:8464E304C689", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NHDJHJYSYLKXDKZLCZSHF7ZJ3IRLOG2O/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "MinGW Windows Python pillow library. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-19T20:28:49", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: mingw-python-pillow-8.1.2-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923"], "modified": "2021-03-19T20:28:49", "id": "FEDORA:94DDA3052E93", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PYWYQVOZM2YZAH3KX7X5JDFFQ6PHUGDM/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt ), devel (development) and doc (documentation). 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-19T20:28:49", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: python-pillow-8.1.2-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923"], "modified": "2021-03-19T20:28:49", "id": "FEDORA:DEF3C3097844", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "MinGW Windows Python pillow library. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-21T01:47:28", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: mingw-python-pillow-7.2.0-3.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655"], "modified": "2021-01-21T01:47:28", "id": "FEDORA:E30B530BC715", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt ), devel (development) and doc (documentation). 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-21T01:47:29", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: python-pillow-7.2.0-3.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655"], "modified": "2021-01-21T01:47:29", "id": "FEDORA:2AE1B30BA844", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4VRCCSORJBMRUY5NGYWMCKVE5VO5JOO5/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt ), devel (development) and doc (documentation). 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-24T01:23:46", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: python-pillow-7.0.0-5.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655"], "modified": "2021-01-24T01:23:46", "id": "FEDORA:4F08E309FF1E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-01-07T01:30:58", "description": "The remote Fedora 32 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-0ece308612 advisory.\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - An issue was discovered in Pillow before 8.1.1. 
TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. 
(CVE-2021-27923)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-15T00:00:00", "type": "nessus", "title": "Fedora 32 : python-pillow / python2-pillow (2021-0ece308612)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:python-pillow", "p-cpe:/a:fedoraproject:fedora:python2-pillow"], "id": "FEDORA_2021-0ECE308612.NASL", "href": "https://www.tenable.com/plugins/nessus/147777", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-0ece308612\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147777);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\n \"CVE-2020-35654\",\n \"CVE-2021-25289\",\n \"CVE-2021-25290\",\n \"CVE-2021-25291\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-0ece308612\");\n\n script_name(english:\"Fedora 32 : python-pillow / python2-pillow (2021-0ece308612)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-0ece308612 advisory.\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow 
when decoding crafted YCbCr files\n because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding\n crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this\n issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an\n invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in\n TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for a BLP container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICNS container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICO container, and thus an attempted\n memory allocation can be very large. 
(CVE-2021-27923)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-0ece308612\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow and / or python2-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-25289\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python2-pillow\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'python-pillow-7.0.0-7.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-pillow-6.2.2-5.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-pillow / python2-pillow');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-07T01:28:56", "description": "The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-15845d3abe advisory.\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-15T00:00:00", "type": "nessus", "title": "Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:mingw-python-pillow", "p-cpe:/a:fedoraproject:fedora:python-pillow", "p-cpe:/a:fedoraproject:fedora:python2-pillow"], "id": "FEDORA_2021-15845D3ABE.NASL", "href": "https://www.tenable.com/plugins/nessus/147773", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-15845d3abe\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(147773);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\n \"CVE-2020-35654\",\n \"CVE-2021-25289\",\n \"CVE-2021-25290\",\n \"CVE-2021-25291\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-15845d3abe\");\n\n script_name(english:\"Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-15845d3abe advisory.\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files\n because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding\n crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this\n issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an\n invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in\n TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for a BLP container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICNS container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICO container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27923)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-15845d3abe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mingw-python-pillow, python-pillow and / or python2-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-25289\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/06\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python2-pillow\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'mingw-python-pillow-7.2.0-5.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-pillow-7.2.0-5.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-pillow-6.2.2-5.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mingw-python-pillow / python-pillow / python2-pillow');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T18:05:19", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4763-1 advisory.\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. 
(CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Pillow vulnerabilities (USN-4763-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923"], "modified": "2021-03-30T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:python-imaging", "p-cpe:/a:canonical:ubuntu_linux:python-pil", "p-cpe:/a:canonical:ubuntu_linux:python-pil.imagetk", "p-cpe:/a:canonical:ubuntu_linux:python3-pil", "p-cpe:/a:canonical:ubuntu_linux:python3-pil.imagetk"], "id": "UBUNTU_USN-4763-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147998", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4763-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147998);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/30\");\n\n script_cve_id(\n \"CVE-2021-25289\",\n \"CVE-2021-25290\",\n \"CVE-2021-25291\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\"\n );\n script_xref(name:\"USN\", value:\"4763-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Pillow vulnerabilities (USN-4763-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4763-1 advisory.\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding\n crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this\n issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an\n invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in\n TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for a BLP container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICNS container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICO container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27923)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4763-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-25289\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-imaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-pil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-pil.imagetk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-pil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-pil.imagetk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'python-imaging', 'pkgver': '3.1.2-0ubuntu1.6'},\n {'osver': '16.04', 'pkgname': 'python-pil', 'pkgver': '3.1.2-0ubuntu1.6'},\n {'osver': '16.04', 'pkgname': 'python-pil.imagetk', 'pkgver': '3.1.2-0ubuntu1.6'},\n {'osver': '16.04', 'pkgname': 'python3-pil', 'pkgver': '3.1.2-0ubuntu1.6'},\n {'osver': '16.04', 'pkgname': 'python3-pil.imagetk', 'pkgver': '3.1.2-0ubuntu1.6'},\n {'osver': '18.04', 'pkgname': 'python-pil', 'pkgver': '5.1.0-1ubuntu0.5'},\n {'osver': '18.04', 'pkgname': 'python-pil.imagetk', 'pkgver': '5.1.0-1ubuntu0.5'},\n {'osver': '18.04', 'pkgname': 'python3-pil', 'pkgver': '5.1.0-1ubuntu0.5'},\n {'osver': '18.04', 'pkgname': 'python3-pil.imagetk', 'pkgver': '5.1.0-1ubuntu0.5'},\n {'osver': '20.04', 'pkgname': 'python3-pil', 'pkgver': '7.0.0-4ubuntu0.3'},\n {'osver': '20.04', 'pkgname': 'python3-pil.imagetk', 'pkgver': '7.0.0-4ubuntu0.3'},\n {'osver': '20.10', 'pkgname': 'python3-pil', 'pkgver': '7.2.0-1ubuntu0.2'},\n {'osver': '20.10', 'pkgname': 'python3-pil.imagetk', 'pkgver': '7.2.0-1ubuntu0.2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-imaging / python-pil / python-pil.imagetk / python3-pil / etc');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:07:38", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1134-1 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. (CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. 
(CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-08-11T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : python-CairoSVG, python-Pillow (openSUSE-SU-2021:1134-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-34552"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python3-CairoSVG", "p-cpe:/a:novell:opensuse:python3-Pillow", "p-cpe:/a:novell:opensuse:python3-Pillow-tk", 
"cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1134.NASL", "href": "https://www.tenable.com/plugins/nessus/152473", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1134-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152473);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-35653\",\n \"CVE-2020-35654\",\n \"CVE-2020-35655\",\n \"CVE-2021-25289\",\n \"CVE-2021-25290\",\n \"CVE-2021-25291\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\",\n \"CVE-2021-34552\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : python-CairoSVG, python-Pillow (openSUSE-SU-2021:1134-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1134-1 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the\n user-supplied stride value is trusted for buffer calculations. 
(CVE-2020-35653)\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files\n because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are mishandled. (CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding\n crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this\n issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an\n invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in\n TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for a BLP container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICNS container, and thus an attempted\n memory allocation can be very large. 
(CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICO container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27923)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass\n controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180832\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181281\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N6MMS3NOFXF2TZBZ5M3EC6VOB65FRP4I/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27adf76a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25291\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-25293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34552\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-CairoSVG, python3-Pillow and / or python3-Pillow-tk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-CairoSVG\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-Pillow\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:python3-Pillow-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'python3-CairoSVG-2.5.1-lp152.2.3.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-Pillow-8.3.1-lp152.5.3.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-Pillow-tk-8.3.1-lp152.5.3.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = 
NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-CairoSVG / python3-Pillow / python3-Pillow-tk');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T20:24:52", "description": "According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-09-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2564)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-34552"], "modified": "2021-09-27T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2564.NASL", "href": "https://www.tenable.com/plugins/nessus/153724", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153724);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/27\");\n\n script_cve_id(\n \"CVE-2021-25289\",\n \"CVE-2021-25291\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-34552\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2564)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was 
discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding\n crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this\n issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in\n TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass\n controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2564\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d526c96\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-pillow-5.3.0-4.h15.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T16:47:02", "description": "According to the versions of the python-pillow 
package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-09-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2540)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-34552"], "modified": "2021-09-27T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2540.NASL", "href": "https://www.tenable.com/plugins/nessus/153695", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153695);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/27\");\n\n script_cve_id(\n \"CVE-2021-25289\",\n \"CVE-2021-25291\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-34552\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2540)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding\n crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this\n issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)\n\n - An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is an out-of-bounds read in\n TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass\n controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2540\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3bfec7cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2021/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-pillow-5.3.0-4.h15.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif 
(flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "The remote host is affected by the vulnerability described in GLSA-202107-33 (Pillow: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202107-33 : Pillow: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25287", "CVE-2021-25288", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:pillow", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202107-33.NASL", "href": "https://www.tenable.com/plugins/nessus/156973", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202107-33.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(156973);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-25287\", \"CVE-2021-25288\", \"CVE-2021-25289\", \"CVE-2021-25290\", \"CVE-2021-25291\", \"CVE-2021-25292\", \"CVE-2021-25293\", \"CVE-2021-27921\", \"CVE-2021-27922\", \"CVE-2021-27923\", \"CVE-2021-28675\", \"CVE-2021-28676\", \"CVE-2021-28677\", \"CVE-2021-28678\");\n script_xref(name:\"GLSA\", value:\"202107-33\");\n\n script_name(english:\"GLSA-202107-33 : Pillow: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202107-33\n(Pillow: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Pillow. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202107-33\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Pillow users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-python/pillow-8.2.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-25289\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-python/pillow\", unaffected:make_list(\"ge 8.2.0\"), vulnerable:make_list(\"lt 8.2.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Pillow\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:16:41", "description": "The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4149 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. (CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. (CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. (CVE-2021-25288)\n\n - An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)\n\n - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. (CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. 
A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.\n (CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. (CVE-2021-28678)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : python-pillow (ALSA-2021:4149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35653", "CVE-2020-35655", "CVE-2021-25287", "CVE-2021-25288", "CVE-2021-25290", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678", "CVE-2021-34552"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:python3-pillow", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4149.NASL", "href": "https://www.tenable.com/plugins/nessus/157623", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4149.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157623);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2020-35653\",\n \"CVE-2020-35655\",\n \"CVE-2021-25287\",\n 
\"CVE-2021-25288\",\n \"CVE-2021-25290\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-28678\",\n \"CVE-2021-34552\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4149\");\n\n script_name(english:\"AlmaLinux 8 : python-pillow (ALSA-2021:4149)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nALSA-2021:4149 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the\n user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are mishandled. (CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in\n j2ku_graya_la. (CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in\n j2ku_gray_i. (CVE-2021-25288)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an\n invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for a BLP container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICNS container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the\n reported size of a contained image is not properly checked for an ICO container, and thus an attempted\n memory allocation can be very large. (CVE-2021-27923)\n\n - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the\n number of input layers relative to the size of the data block. This could lead to a DoS on Image.open\n prior to Image.load. (CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the\n block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in\n EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally\n quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use\n this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.\n (CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that\n reads (after jumping to file offsets) returned data. 
This could lead to a DoS where the decoder could be\n run a large number of times on empty data. (CVE-2021-28678)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass\n controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4149.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'python3-pillow-5.1.1-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if 
(!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-pillow');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:10:36", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4149 advisory.\n\n - python-pillow: Buffer over-read in PCX image reader (CVE-2020-35653)\n\n - python-pillow: Buffer over-read in SGI RLE image reader (CVE-2020-35655)\n\n - python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287, CVE-2021-25288)\n\n - python-pillow: Negative-offset memcpy in TIFF image reader (CVE-2021-25290)\n\n - python-pillow: Regular expression DoS in PDF format parser (CVE-2021-25292)\n\n - python-pillow: Out-of-bounds read in SGI RLE image reader (CVE-2021-25293)\n\n - python-pillow: Excessive memory allocation in BLP image reader (CVE-2021-27921)\n\n - python-pillow: Excessive memory allocation in ICNS image reader (CVE-2021-27922)\n\n - python-pillow: Excessive memory allocation in ICO image reader (CVE-2021-27923)\n\n - python-pillow: Excessive memory 
allocation in PSD image reader (CVE-2021-28675)\n\n - python-pillow: Infinite loop in FLI image reader (CVE-2021-28676)\n\n - python-pillow: Excessive CPU use in EPS image reader (CVE-2021-28677)\n\n - python-pillow: Excessive looping in BLP image reader (CVE-2021-28678)\n\n - python-pillow: Buffer overflow in image convert function (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : python-pillow (RHSA-2021:4149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35653", "CVE-2020-35655", "CVE-2021-25287", "CVE-2021-25288", "CVE-2021-25290", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678", "CVE-2021-34552"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:python3-pillow"], "id": "REDHAT-RHSA-2021-4149.NASL", "href": "https://www.tenable.com/plugins/nessus/155178", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4149. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155178);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2020-35653\",\n \"CVE-2020-35655\",\n \"CVE-2021-25287\",\n \"CVE-2021-25288\",\n \"CVE-2021-25290\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-28678\",\n \"CVE-2021-34552\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4149\");\n\n script_name(english:\"RHEL 8 : python-pillow (RHSA-2021:4149)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4149 advisory.\n\n - python-pillow: Buffer over-read in PCX image reader (CVE-2020-35653)\n\n - python-pillow: Buffer over-read in SGI RLE image reader (CVE-2020-35655)\n\n - python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287, CVE-2021-25288)\n\n - python-pillow: Negative-offset memcpy in TIFF image reader (CVE-2021-25290)\n\n - python-pillow: Regular expression DoS in PDF format parser (CVE-2021-25292)\n\n - python-pillow: Out-of-bounds read in SGI RLE image reader (CVE-2021-25293)\n\n - python-pillow: Excessive memory allocation in BLP image reader (CVE-2021-27921)\n\n - python-pillow: Excessive memory allocation in ICNS image reader (CVE-2021-27922)\n\n - python-pillow: Excessive memory allocation in ICO image reader (CVE-2021-27923)\n\n - python-pillow: Excessive memory allocation in PSD image reader (CVE-2021-28675)\n\n - python-pillow: Infinite loop in FLI image reader 
(CVE-2021-28676)\n\n - python-pillow: Excessive CPU use in EPS image reader (CVE-2021-28677)\n\n - python-pillow: Excessive looping in BLP image reader (CVE-2021-28678)\n\n - python-pillow: Buffer overflow in image convert function (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/835.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-25287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-25288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-25290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-25292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-25293\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2021-27921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-34552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1915420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1915432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1934685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1934699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1934705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1935384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1935396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1935401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1958226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1958231\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1958240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1958252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1958257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1958263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982378\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 120, 122, 125, 400, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pillow\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 
'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 
'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'python3-pillow-5.1.1-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 
'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-pillow-5.1.1-16.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-pillow-5.1.1-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj 
= package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-pillow');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T16:47:58", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4149 advisory.\n\n - python-pillow: Buffer over-read in PCX image reader (CVE-2020-35653)\n\n - python-pillow: Buffer over-read in SGI RLE image reader (CVE-2020-35655)\n\n - python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287, CVE-2021-25288)\n\n - python-pillow: Negative-offset memcpy in TIFF image reader (CVE-2021-25290)\n\n - python-pillow: Regular expression DoS in PDF format parser (CVE-2021-25292)\n\n - python-pillow: Out-of-bounds read in SGI RLE image reader (CVE-2021-25293)\n\n - python-pillow: Excessive memory allocation in BLP image reader (CVE-2021-27921)\n\n - python-pillow: Excessive memory allocation in ICNS image reader (CVE-2021-27922)\n\n - python-pillow: Excessive memory allocation in ICO image reader (CVE-2021-27923)\n\n - python-pillow: Excessive memory allocation in PSD image 
reader (CVE-2021-28675)\n\n - python-pillow: Infinite loop in FLI image reader (CVE-2021-28676)\n\n - python-pillow: Excessive CPU use in EPS image reader (CVE-2021-28677)\n\n - python-pillow: Excessive looping in BLP image reader (CVE-2021-28678)\n\n - python-pillow: Buffer overflow in image convert function (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : python-pillow (CESA-2021:4149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35653", "CVE-2020-35655", "CVE-2021-25287", "CVE-2021-25288", "CVE-2021-25290", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678", "CVE-2021-34552"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:python3-pillow"], "id": "CENTOS8_RHSA-2021-4149.NASL", "href": "https://www.tenable.com/plugins/nessus/155033", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4149. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155033);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2020-35653\",\n \"CVE-2020-35655\",\n \"CVE-2021-25287\",\n \"CVE-2021-25288\",\n \"CVE-2021-25290\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-28678\",\n \"CVE-2021-34552\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4149\");\n\n script_name(english:\"CentOS 8 : python-pillow (CESA-2021:4149)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:4149 advisory.\n\n - python-pillow: Buffer over-read in PCX image reader (CVE-2020-35653)\n\n - python-pillow: Buffer over-read in SGI RLE image reader (CVE-2020-35655)\n\n - python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287, CVE-2021-25288)\n\n - python-pillow: Negative-offset memcpy in TIFF image reader (CVE-2021-25290)\n\n - python-pillow: Regular expression DoS in PDF format parser (CVE-2021-25292)\n\n - python-pillow: Out-of-bounds read in SGI RLE image reader (CVE-2021-25293)\n\n - python-pillow: Excessive memory allocation in BLP image reader (CVE-2021-27921)\n\n - python-pillow: Excessive memory allocation in ICNS image reader (CVE-2021-27922)\n\n - python-pillow: Excessive memory allocation in ICO image reader (CVE-2021-27923)\n\n - python-pillow: Excessive memory allocation in PSD image reader (CVE-2021-28675)\n\n - python-pillow: Infinite loop in FLI image reader (CVE-2021-28676)\n\n 
- python-pillow: Excessive CPU use in EPS image reader (CVE-2021-28677)\n\n - python-pillow: Excessive looping in BLP image reader (CVE-2021-28678)\n\n - python-pillow: Buffer overflow in image convert function (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4149\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-pillow\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'python3-pillow-5.1.1-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pillow-5.1.1-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-pillow');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:13:27", "description": "According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The package pillow, from version 5.2.0 and before 8.3.2, is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. (CVE-2021-23437)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : python-pillow (EulerOS-SA-2021-2775)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23437", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-34552"], "modified": "2022-04-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-2775.NASL", "href": "https://www.tenable.com/plugins/nessus/155537", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155537);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/18\");\n\n script_cve_id(\n \"CVE-2021-23437\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-34552\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : python-pillow (EulerOS-SA-2021-2775)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The package pillow 5.2.0 
and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via the getrgb function. (CVE-2021-23437)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass\n controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2775\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bd1fedf2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-pillow-5.3.0-4.h19.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": 
{"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T20:24:54", "description": "According to the versions of the python-pillow packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. (CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-2481)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35655", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-34552"], "modified": "2021-09-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python2-pillow", "p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2481.NASL", "href": "https://www.tenable.com/plugins/nessus/153604", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153604);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/24\");\n\n script_cve_id(\n \"CVE-2020-35655\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-34552\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-2481)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are mishandled. (CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass\n controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2481\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7b096f0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python2-pillow-5.3.0-1.h12.eulerosv2r8\",\n \"python3-pillow-5.3.0-1.h12.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T20:28:43", "description": "According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The pillow package, from version 5.2.0 and before 8.3.2, is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. (CVE-2021-23437)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-2731)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23437", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-34552"], "modified": "2022-04-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-2731.NASL", "href": "https://www.tenable.com/plugins/nessus/155480", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155480);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/18\");\n\n script_cve_id(\n \"CVE-2021-23437\",\n \"CVE-2021-25292\",\n \"CVE-2021-25293\",\n \"CVE-2021-34552\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-2731)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via the getrgb function. (CVE-2021-23437)\n\n - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)\n attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)\n\n - An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.\n (CVE-2021-25293)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass\n controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2731\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?092b9daa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local 
Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-pillow-5.3.0-4.h19.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "According to the versions of the python-pillow packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Pillow before 8.2.0. 
There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. (CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. (CVE-2021-25288)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)\n\n - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. (CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. (CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. 
For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.(CVE-2021-28678)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-2314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25287", "CVE-2021-25288", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python2-pillow", "p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2314.NASL", "href": "https://www.tenable.com/plugins/nessus/152397", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152397);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-25287\",\n \"CVE-2021-25288\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-28678\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-2314)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow packages installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_graya_la.(CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_gray_i.(CVE-2021-25288)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for a\n BLP container, and thus an attempted memory allocation\n can be very large.(CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for\n an ICNS container, and thus an attempted memory\n allocation can be very large.(CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for\n an ICO container, and thus an attempted memory\n allocation can be very large.(CVE-2021-27923)\n\n - An issue was discovered in Pillow before 8.2.0.\n PSDImagePlugin.PsdImageFile lacked a sanity check on\n the number of input layers relative to the size of the\n data block. This could lead to a DoS on Image.open\n prior to Image.load.(CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI\n data, FliDecode did not properly check that the block\n advance was non-zero, potentially leading to an\n infinite loop on load.(CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS\n data, the readline implementation used in EPSImageFile\n has to deal with any combination of \\r and \\n as line\n endings. 
It used an accidentally quadratic method of\n accumulating lines while looking for a line ending. A\n malicious EPS file could use this to perform a DoS of\n Pillow in the open phase, before an image was accepted\n for opening.(CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP\n data, BlpImagePlugin did not properly check that reads\n (after jumping to file offsets) returned data. This\n could lead to a DoS where the decoder could be run a\n large number of times on empty data.(CVE-2021-28678)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2314\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09d177a5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python2-pillow-5.3.0-1.h9.eulerosv2r8\",\n \"python3-pillow-5.3.0-1.h9.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n 
);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.(CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.(CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. 
For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. (CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. (CVE-2021-28678)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. (CVE-2021-25288)\n\n - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. (CVE-2021-28675)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-2187)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35655", "CVE-2021-25287", "CVE-2021-25288", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678"], "modified": "2021-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-2187.NASL", "href": "https://www.tenable.com/plugins/nessus/151547", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151547);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/15\");\n\n script_cve_id(\n \"CVE-2020-35655\",\n \"CVE-2021-25287\",\n \"CVE-2021-25288\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-28678\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-2187)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the 
reported\n size of a contained image is not properly checked for\n an ICO container, and thus an attempted memory\n allocation can be very large. (CVE-2021-27923)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for\n an ICNS container, and thus an attempted memory\n allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for a\n BLP container, and thus an attempted memory allocation\n can be very large. (CVE-2021-27921)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte\n buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are\n mishandled.(CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS\n data, the readline implementation used in EPSImageFile\n has to deal with any combination of \\r and \\n as line\n endings. It used an accidentally quadratic method of\n accumulating lines while looking for a line ending. A\n malicious EPS file could use this to perform a DoS of\n Pillow in the open phase, before an image was accepted\n for opening.(CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI\n data, FliDecode did not properly check that the block\n advance was non-zero, potentially leading to an\n infinite loop on load.(CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_graya_la.(CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP\n data, BlpImagePlugin did not properly check that reads\n (after jumping to file offsets) returned data. 
This\n could lead to a DoS where the decoder could be run a\n large number of times on empty data.(CVE-2021-28678)\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_gray_i.(CVE-2021-25288)\n\n - An issue was discovered in Pillow before 8.2.0.\n PSDImagePlugin.PsdImageFile lacked a sanity check on\n the number of input layers relative to the size of the\n data block. This could lead to a DoS on Image.open\n prior to Image.load.(CVE-2021-28675)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2187\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b800a754\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-pillow-5.3.0-4.h11.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the 
remote host is affected by the following vulnerabilities :\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. (CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. (CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. (CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. 
This could lead to a DoS where the decoder could be run a large number of times on empty data.(CVE-2021-28678)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.(CVE-2021-25288)\n\n - An issue was discovered in Pillow before 8.2.0.\n PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.(CVE-2021-28675)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : python-pillow (EulerOS-SA-2021-2209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35655", "CVE-2021-25287", "CVE-2021-25288", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678"], "modified": "2021-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-2209.NASL", "href": "https://www.tenable.com/plugins/nessus/151567", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151567);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/15\");\n\n script_cve_id(\n \"CVE-2020-35655\",\n \"CVE-2021-25287\",\n \"CVE-2021-25288\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-28678\"\n );\n\n script_name(english:\"EulerOS 
Virtualization 2.9.0 : python-pillow (EulerOS-SA-2021-2209)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for\n an ICO container, and thus an attempted memory\n allocation can be very large. (CVE-2021-27923)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for\n an ICNS container, and thus an attempted memory\n allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for a\n BLP container, and thus an attempted memory allocation\n can be very large. (CVE-2021-27921)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte\n buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are\n mishandled.(CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS\n data, the readline implementation used in EPSImageFile\n has to deal with any combination of \\r and \\n as line\n endings. It used an accidentally quadratic method of\n accumulating lines while looking for a line ending. 
A\n malicious EPS file could use this to perform a DoS of\n Pillow in the open phase, before an image was accepted\n for opening.(CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI\n data, FliDecode did not properly check that the block\n advance was non-zero, potentially leading to an\n infinite loop on load.(CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_graya_la.(CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP\n data, BlpImagePlugin did not properly check that reads\n (after jumping to file offsets) returned data. This\n could lead to a DoS where the decoder could be run a\n large number of times on empty data.(CVE-2021-28678)\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_gray_i.(CVE-2021-25288)\n\n - An issue was discovered in Pillow before 8.2.0.\n PSDImagePlugin.PsdImageFile lacked a sanity check on\n the number of input layers relative to the size of the\n data block. This could lead to a DoS on Image.open\n prior to Image.load.(CVE-2021-28675)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2209\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?383b6bbe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-pillow-5.3.0-4.h11.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an 
attempted memory allocation can be very large. (CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. (CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. (CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. (CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. (CVE-2021-28678)\n\n - An issue was discovered in Pillow before 8.2.0. 
There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.(CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.(CVE-2021-25288)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35655", "CVE-2021-25287", "CVE-2021-25288", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2253.NASL", "href": "https://www.tenable.com/plugins/nessus/152314", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152314);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2020-35655\",\n \"CVE-2021-25287\",\n \"CVE-2021-25288\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-28678\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2253)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for a\n BLP container, and thus an attempted memory allocation\n can be very large.(CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for\n an ICNS container, and thus an attempted memory\n allocation can be very large.(CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for\n an ICO container, and thus an attempted memory\n allocation can be very large.(CVE-2021-27923)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte\n buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are\n mishandled.(CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0.\n PSDImagePlugin.PsdImageFile lacked a sanity check on\n the number of input layers relative to the size of the\n data block. This could lead to a DoS on Image.open\n prior to Image.load.(CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI\n data, FliDecode did not properly check that the block\n advance was non-zero, potentially leading to an\n infinite loop on load.(CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS\n data, the readline implementation used in EPSImageFile\n has to deal with any combination of \\r and \\n as line\n endings. It used an accidentally quadratic method of\n accumulating lines while looking for a line ending. 
A\n malicious EPS file could use this to perform a DoS of\n Pillow in the open phase, before an image was accepted\n for opening.(CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP\n data, BlpImagePlugin did not properly check that reads\n (after jumping to file offsets) returned data. This\n could lead to a DoS where the decoder could be run a\n large number of times on empty data.(CVE-2021-28678)\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_graya_la.(CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_gray_i.(CVE-2021-25288)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2253\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bd48637a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-pillow-5.3.0-4.h11.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.(CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.(CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.(CVE-2021-27923)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.(CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0.\n PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.(CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.(CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. 
For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. (CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. (CVE-2021-28678)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. (CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. (CVE-2021-25288)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35655", "CVE-2021-25287", "CVE-2021-25288", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2279.NASL", "href": "https://www.tenable.com/plugins/nessus/152285", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152285);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2020-35655\",\n \"CVE-2021-25287\",\n \"CVE-2021-25288\",\n \"CVE-2021-27921\",\n \"CVE-2021-27922\",\n \"CVE-2021-27923\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-28678\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2279)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for a\n 
BLP container, and thus an attempted memory allocation\n can be very large.(CVE-2021-27921)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for\n an ICNS container, and thus an attempted memory\n allocation can be very large.(CVE-2021-27922)\n\n - Pillow before 8.1.1 allows attackers to cause a denial\n of service (memory consumption) because the reported\n size of a contained image is not properly checked for\n an ICO container, and thus an attempted memory\n allocation can be very large.(CVE-2021-27923)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte\n buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are\n mishandled.(CVE-2020-35655)\n\n - An issue was discovered in Pillow before 8.2.0.\n PSDImagePlugin.PsdImageFile lacked a sanity check on\n the number of input layers relative to the size of the\n data block. This could lead to a DoS on Image.open\n prior to Image.load.(CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI\n data, FliDecode did not properly check that the block\n advance was non-zero, potentially leading to an\n infinite loop on load.(CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS\n data, the readline implementation used in EPSImageFile\n has to deal with any combination of \\r and \\n as line\n endings. It used an accidentally quadratic method of\n accumulating lines while looking for a line ending. A\n malicious EPS file could use this to perform a DoS of\n Pillow in the open phase, before an image was accepted\n for opening.(CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.2.0. For BLP\n data, BlpImagePlugin did not properly check that reads\n (after jumping to file offsets) returned data. 
This\n could lead to a DoS where the decoder could be run a\n large number of times on empty data.(CVE-2021-28678)\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_graya_la.(CVE-2021-25287)\n\n - An issue was discovered in Pillow before 8.2.0. There\n is an out-of-bounds read in J2kDecode, in\n j2ku_gray_i.(CVE-2021-25288)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2279\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e66e76c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-pillow-5.3.0-4.h11.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-05-05T14:33:55", "description": "According to 
the version of the python-pillow packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "p-cpe:/a:huawei:euleros:python3-pillow-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2064.NASL", "href": "https://www.tenable.com/plugins/nessus/151253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151253);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2021-25290\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2064)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. 
In\n TiffDecode.c, there is a negative-offset memcpy with an\n invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2064\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?04bd449d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-pillow-5.3.0-4.h8.eulerosv2r9\",\n \"python3-pillow-help-5.3.0-4.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-05T14:34:26", "description": "According to the version of the python-pillow packages installed, the 
EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "p-cpe:/a:huawei:euleros:python3-pillow-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2053.NASL", "href": "https://www.tenable.com/plugins/nessus/151225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151225);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2021-25290\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2053)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. 
In\n TiffDecode.c, there is a negative-offset memcpy with an\n invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2053\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2e3e449\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-pillow-5.3.0-4.h8.eulerosv2r9\",\n \"python3-pillow-help-5.3.0-4.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-05T14:30:30", "description": "According to the version of the 
python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : python-pillow (EulerOS-SA-2021-1972)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1972.NASL", "href": "https://www.tenable.com/plugins/nessus/150268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150268);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\n \"CVE-2021-25290\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : python-pillow (EulerOS-SA-2021-1972)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. 
In\n TiffDecode.c, there is a negative-offset memcpy with an\n invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1972\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee8d52f8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-pillow-5.3.0-4.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-05T14:33:24", "description": "According to the version of the python-pillow packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is a negative-offset memcpy with an invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-1986)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290"], "modified": "2021-06-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python2-pillow", "p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1986.NASL", "href": "https://www.tenable.com/plugins/nessus/151041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151041);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/30\");\n\n script_cve_id(\n \"CVE-2021-25290\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-1986)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. In\n TiffDecode.c, there is a negative-offset memcpy with an\n invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1986\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4f7b1a3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python2-pillow-5.3.0-1.h7.eulerosv2r8\",\n \"python3-pillow-5.3.0-1.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-05T14:30:29", "description": "According to the version of the python-pillow package installed, the EulerOS 
Virtualization installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-1966)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-pillow", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1966.NASL", "href": "https://www.tenable.com/plugins/nessus/150265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150265);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\n \"CVE-2021-25290\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-1966)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. 
In\n TiffDecode.c, there is a negative-offset memcpy with an\n invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1966\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad506e9d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-pillow-5.3.0-4.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-05T14:36:36", "description": "According to the version of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is a negative-offset memcpy with an invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-2227)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290"], "modified": "2021-07-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2227.NASL", "href": "https://www.tenable.com/plugins/nessus/151777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151777);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/21\");\n\n script_cve_id(\n \"CVE-2021-25290\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-2227)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. In\n TiffDecode.c, there is a negative-offset memcpy with an\n invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2227\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?989ab638\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.h10.gitd1c6db8.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-05T14:32:55", "description": "According to the version of the python-pillow package installed, the EulerOS 
Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-06-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : python-pillow (EulerOS-SA-2021-2019)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290"], "modified": "2021-07-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python2-pillow", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-2019.NASL", "href": "https://www.tenable.com/plugins/nessus/151163", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151163);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/02\");\n\n script_cve_id(\n \"CVE-2021-25290\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : python-pillow (EulerOS-SA-2021-2019)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - An issue was discovered in Pillow before 8.1.1. 
In\n TiffDecode.c, there is a negative-offset memcpy with an\n invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1710f7ed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python2-pillow-5.3.0-1.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-05T14:34:25", "description": "According to the version of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - A flaw was found in python-pillow. 
In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash. (CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : python-pillow (EulerOS-SA-2021-2037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python-pillow", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-2037.NASL", "href": "https://www.tenable.com/plugins/nessus/151244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151244);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2021-25290\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : python-pillow (EulerOS-SA-2021-2037)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python-pillow package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - A flaw was found in python-pillow. 
In TiffDecode.c,\n there is a negative-offset memcpy with an invalid size\n which could lead to a system crash.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2037\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f598877\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.h10.gitd1c6db8.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-05T14:33:55", "description": "According to the versions of the python-pillow package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in python-pillow. 
In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash. (CVE-2021-25290)\n\n - A flaw was found in python-pillow.\n PsdImagePlugin.PsdImageFile does not sanity check the number of input layers with regard to the size of the data block which could lead to a denial-of-service. (CVE-2021-28675)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2021-2123)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290", "CVE-2021-28675"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python-pillow", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2123.NASL", "href": "https://www.tenable.com/plugins/nessus/151351", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151351);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2021-25290\",\n \"CVE-2021-28675\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2021-2123)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS Virtualization for 
ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in python-pillow. In TiffDecode.c,\n there is a negative-offset memcpy with an invalid size\n which could lead to a system crash.(CVE-2021-25290)\n\n - A flaw was found in python-pillow.\n PsdImagePlugin.PsdImageFile does not sanity check the\n number of input layers with regard to the size of the\n data block which could lead to a\n denial-of-service.(CVE-2021-28675)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2123\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82ebe667\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.h11.gitd1c6db8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:09:30", "description": "The remote host is affected by the vulnerability described in GLSA-202101-08 (Pillow: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in 
Pillow. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-12T00:00:00", "type": "nessus", "title": "GLSA-202101-08 : Pillow: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:pillow", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202101-08.NASL", "href": "https://www.tenable.com/plugins/nessus/144867", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202101-08.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144867);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-35653\", \"CVE-2020-35654\", \"CVE-2020-35655\");\n script_xref(name:\"GLSA\", value:\"202101-08\");\n\n script_name(english:\"GLSA-202101-08 : Pillow: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202101-08\n(Pillow: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Pillow. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202101-08\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Pillow users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-python/pillow-8.1.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-python/pillow\", unaffected:make_list(\"ge 8.1.0\"), vulnerable:make_list(\"lt 8.1.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Pillow\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:06:30", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-880aa7bd27 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. 
(CVE-2020-35655)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "Fedora 32 : python-pillow (2021-880aa7bd27)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:python-pillow"], "id": "FEDORA_2021-880AA7BD27.NASL", "href": "https://www.tenable.com/plugins/nessus/145337", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-880aa7bd27\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145337);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-35653\", \"CVE-2020-35654\", \"CVE-2020-35655\");\n script_xref(name:\"FEDORA\", value:\"2021-880aa7bd27\");\n\n script_name(english:\"Fedora 32 : python-pillow (2021-880aa7bd27)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-880aa7bd27 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the\n user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files\n because of certain interpretation conflicts with LibTIFF in RGBA mode. 
(CVE-2020-35654)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are mishandled. (CVE-2020-35655)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-880aa7bd27\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-pillow\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'python-pillow-7.0.0-5.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if 
(!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-pillow');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:07:38", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4697-1 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. 
(CVE-2020-35655)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-18T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Pillow vulnerabilities (USN-4697-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:python-imaging", "p-cpe:/a:canonical:ubuntu_linux:python-pil", "p-cpe:/a:canonical:ubuntu_linux:python-pil.imagetk", "p-cpe:/a:canonical:ubuntu_linux:python3-pil", "p-cpe:/a:canonical:ubuntu_linux:python3-pil.imagetk"], "id": "UBUNTU_USN-4697-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145048", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4697-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145048);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2020-35653\", \"CVE-2020-35654\", \"CVE-2020-35655\");\n script_xref(name:\"USN\", value:\"4697-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Pillow vulnerabilities (USN-4697-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4697-1 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the\n user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files\n because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are mishandled. 
(CVE-2020-35655)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4697-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-imaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-pil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-pil.imagetk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-pil\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:python3-pil.imagetk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'python-imaging', 'pkgver': '3.1.2-0ubuntu1.5'},\n {'osver': '16.04', 'pkgname': 'python-pil', 'pkgver': '3.1.2-0ubuntu1.5'},\n {'osver': '16.04', 'pkgname': 'python-pil.imagetk', 'pkgver': '3.1.2-0ubuntu1.5'},\n {'osver': '16.04', 'pkgname': 'python3-pil', 'pkgver': '3.1.2-0ubuntu1.5'},\n {'osver': '16.04', 'pkgname': 'python3-pil.imagetk', 'pkgver': '3.1.2-0ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'python-pil', 'pkgver': '5.1.0-1ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'python-pil.imagetk', 'pkgver': '5.1.0-1ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'python3-pil', 'pkgver': '5.1.0-1ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'python3-pil.imagetk', 'pkgver': '5.1.0-1ubuntu0.4'},\n {'osver': 
'20.04', 'pkgname': 'python3-pil', 'pkgver': '7.0.0-4ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'python3-pil.imagetk', 'pkgver': '7.0.0-4ubuntu0.2'},\n {'osver': '20.10', 'pkgname': 'python3-pil', 'pkgver': '7.2.0-1ubuntu0.1'},\n {'osver': '20.10', 'pkgname': 'python3-pil.imagetk', 'pkgver': '7.2.0-1ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-imaging / python-pil / python-pil.imagetk / python3-pil / etc');\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:07:38", "description": "The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-a8ddc1ce70 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. 
(CVE-2020-35655)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-21T00:00:00", "type": "nessus", "title": "Fedora 33 : mingw-python-pillow / python-pillow (2021-a8ddc1ce70)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:mingw-python-pillow", "p-cpe:/a:fedoraproject:fedora:python-pillow"], "id": "FEDORA_2021-A8DDC1CE70.NASL", "href": "https://www.tenable.com/plugins/nessus/145235", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-a8ddc1ce70\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145235);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-35653\", \"CVE-2020-35654\", \"CVE-2020-35655\");\n script_xref(name:\"FEDORA\", value:\"2021-a8ddc1ce70\");\n\n script_name(english:\"Fedora 33 : mingw-python-pillow / python-pillow (2021-a8ddc1ce70)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-a8ddc1ce70 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the\n user-supplied stride value is trusted for buffer calculations. 
(CVE-2020-35653)\n\n - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files\n because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)\n\n - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image\n files because offsets and length tables are mishandled. (CVE-2020-35655)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-a8ddc1ce70\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mingw-python-pillow and / or python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35654\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-pillow\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'mingw-python-pillow-7.2.0-3.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-pillow-7.2.0-3.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if 
(!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mingw-python-pillow / python-pillow');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:59:43", "description": "According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.(CVE-2021-25290)\n\n - In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.(CVE-2020-10378)\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.(CVE-2020-35653)\n\n - Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.(CVE-2020-10177)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2021-1840)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10177", "CVE-2020-10378", "CVE-2020-35653", "CVE-2021-25290"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1840.NASL", "href": "https://www.tenable.com/plugins/nessus/149119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149119);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2020-10177\",\n \"CVE-2020-10378\",\n \"CVE-2020-35653\",\n \"CVE-2021-25290\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2021-1840)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Pillow before 8.1.1. 
In\n TiffDecode.c, there is a negative-offset memcpy with an\n invalid size.(CVE-2021-25290)\n\n - In libImaging/PcxDecode.c in Pillow before 7.1.0, an\n out-of-bounds read can occur when reading PCX files\n where state->shuffle is instructed to read beyond\n state->buffer.(CVE-2020-10378)\n\n - In Pillow before 8.1.0, PcxDecode has a buffer\n over-read when decoding a crafted PCX file because the\n user-supplied stride value is trusted for buffer\n calculations.(CVE-2020-35653)\n\n - Pillow before 7.1.0 has multiple out-of-bounds reads in\n libImaging/FliDecode.c.(CVE-2020-10177)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1840\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4c900fb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.gitd1c6db8.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n 
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-05-05T14:39:30", "description": "According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.(CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.(CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.(CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2021-2432)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-25290", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python-pillow", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2432.NASL", "href": "https://www.tenable.com/plugins/nessus/153337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153337);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\n \"CVE-2021-25290\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2021-2432)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python-pillow package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Pillow before 8.2.0.\n PSDImagePlugin.PsdImageFile lacked a sanity check on\n the number of input layers relative to the size of the\n data block. This could lead to a DoS on Image.open\n prior to Image.load.(CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. 
For FLI\n data, FliDecode did not properly check that the block\n advance was non-zero, potentially leading to an\n infinite loop on load.(CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS\n data, the readline implementation used in EPSImageFile\n has to deal with any combination of \\r and \\n as line\n endings. It used an accidentally quadratic method of\n accumulating lines while looking for a line ending. A\n malicious EPS file could use this to perform a DoS of\n Pillow in the open phase, before an image was accepted\n for opening.(CVE-2021-28677)\n\n - An issue was discovered in Pillow before 8.1.1. In\n TiffDecode.c, there is a negative-offset memcpy with an\n invalid size.(CVE-2021-25290)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2432\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d459e073\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28677\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-pillow-2.0.0-19.gitd1c6db8.h9\"];\n\nforeach (pkg in pkgs)\n if 
(rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-15T20:23:07", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2716 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. 
A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. (CVE-2021-28677)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "Debian DLA-2716-1 : pillow - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35653", "CVE-2021-25290", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-34552"], "modified": "2021-07-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python-imaging", "p-cpe:/a:debian:debian_linux:python-pil", "p-cpe:/a:debian:debian_linux:python-pil-dbg", "p-cpe:/a:debian:debian_linux:python-pil-doc", "p-cpe:/a:debian:debian_linux:python-pil.imagetk", "p-cpe:/a:debian:debian_linux:python-pil.imagetk-dbg", "p-cpe:/a:debian:debian_linux:python3-pil", "p-cpe:/a:debian:debian_linux:python3-pil-dbg", "p-cpe:/a:debian:debian_linux:python3-pil.imagetk", "p-cpe:/a:debian:debian_linux:python3-pil.imagetk-dbg", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2716.NASL", "href": "https://www.tenable.com/plugins/nessus/152012", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2716. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152012);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2020-35653\",\n \"CVE-2021-25290\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-34552\"\n );\n\n script_name(english:\"Debian DLA-2716-1 : pillow - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2716 advisory.\n\n - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the\n user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an\n invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the\n block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in\n EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally\n quadratic method of accumulating lines while looking for a line ending. 
A malicious EPS file could use\n this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.\n (CVE-2021-28677)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass\n controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/pillow\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-35653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-25290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-34552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/pillow\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the pillow packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.0.0-4+deb9u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-imaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-pil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-pil-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-pil-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-pil.imagetk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-pil.imagetk-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-pil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-pil-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-pil.imagetk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-pil.imagetk-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '9.0', 'prefix': 'python-imaging', 'reference': '4.0.0-4+deb9u3'},\n {'release': '9.0', 'prefix': 'python-pil', 'reference': '4.0.0-4+deb9u3'},\n {'release': '9.0', 'prefix': 'python-pil-dbg', 'reference': '4.0.0-4+deb9u3'},\n {'release': '9.0', 'prefix': 'python-pil-doc', 'reference': '4.0.0-4+deb9u3'},\n {'release': '9.0', 'prefix': 'python-pil.imagetk', 'reference': '4.0.0-4+deb9u3'},\n {'release': '9.0', 'prefix': 'python-pil.imagetk-dbg', 'reference': '4.0.0-4+deb9u3'},\n {'release': '9.0', 'prefix': 'python3-pil', 'reference': '4.0.0-4+deb9u3'},\n {'release': '9.0', 'prefix': 'python3-pil-dbg', 'reference': '4.0.0-4+deb9u3'},\n {'release': '9.0', 'prefix': 'python3-pil.imagetk', 'reference': '4.0.0-4+deb9u3'},\n {'release': '9.0', 'prefix': 'python3-pil.imagetk-dbg', 'reference': '4.0.0-4+deb9u3'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-imaging / python-pil / python-pil-dbg / python-pil-doc / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:14:27", "description": "According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. (CVE-2021-23437)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. (CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. 
A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.\n (CVE-2021-28677)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : python-pillow (EulerOS-SA-2021-2893)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23437", "CVE-2021-25290", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-34552"], "modified": "2022-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python-pillow", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-2893.NASL", "href": "https://www.tenable.com/plugins/nessus/156496", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156496);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/06\");\n\n script_cve_id(\n \"CVE-2021-23437\",\n \"CVE-2021-25290\",\n \"CVE-2021-28675\",\n \"CVE-2021-28676\",\n \"CVE-2021-28677\",\n \"CVE-2021-34552\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : python-pillow (EulerOS-SA-2021-2893)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of 
the python-pillow package installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via the getrgb function. (CVE-2021-23437)\n\n - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an\n invalid size. (CVE-2021-25290)\n\n - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the\n number of input layers relative to the size of the data block. This could lead to a DoS on Image.open\n prior to Image.load. (CVE-2021-28675)\n\n - An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the\n block advance was non-zero, potentially leading to an infinite loop on load. (CVE-2021-28676)\n\n - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in\n EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally\n quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use\n this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.\n (CVE-2021-28677)\n\n - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass\n controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.\n (CVE-2021-34552)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2893\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?14ea833a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-pillow packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-pillow\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python-pillow-2.0.0-19.h14.gitd1c6db8.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pillow\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T10:55:28", "description": "It was discovered that Pillow incorrectly handled certain Tiff image files. \nIf a user or automated system were tricked into opening a specially-crafted \nTiff file, a remote attacker could cause Pillow to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. 
This issue only \naffected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-25289, \nCVE-2021-25291)\n\nIt was discovered that Pillow incorrectly handled certain Tiff image files. \nIf a user or automated system were tricked into opening a specially-crafted \nTiff file, a remote attacker could cause Pillow to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2021-25290)\n\nIt was discovered that Pillow incorrectly handled certain PDF files. If a \nuser or automated system were tricked into opening a specially-crafted \nPDF file, a remote attacker could cause Pillow to hang, resulting in a \ndenial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 \nLTS, and Ubuntu 20.10. (CVE-2021-25292)\n\nIt was discovered that Pillow incorrectly handled certain SGI image files. \nIf a user or automated system were tricked into opening a specially-crafted \nSGI file, a remote attacker could possibly cause Pillow to crash, \nresulting in a denial of service. This issue only affected Ubuntu 18.04 \nLTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-25293)\n\nJiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that \nPillow incorrectly handled certain BLP files. If a user or automated system \nwere tricked into opening a specially-crafted BLP file, a remote attacker \ncould possibly cause Pillow to consume resources, resulting in a denial of \nservice. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and \nUbuntu 20.10. (CVE-2021-27921)\n\nJiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that \nPillow incorrectly handled certain ICNS files. If a user or automated \nsystem were tricked into opening a specially-crafted ICNS file, a remote \nattacker could possibly cause Pillow to consume resources, resulting in a \ndenial of service. (CVE-2021-27922)\n\nJiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that \nPillow incorrectly handled certain ICO files. 
If a user or automated \nsystem were tricked into opening a specially-crafted ICO file, a remote \nattacker could possibly cause Pillow to consume resources, resulting in a \ndenial of service. (CVE-2021-27923)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-11T00:00:00", "type": "ubuntu", "title": "Pillow vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27922", "CVE-2021-25292", "CVE-2021-27923", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25293", "CVE-2021-25291", "CVE-2021-27921"], "modified": "2021-03-11T00:00:00", "id": "USN-4763-1", "href": "https://ubuntu.com/security/notices/USN-4763-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T11:01:58", "description": "It was discovered that Pillow incorrectly handled certain PCX image files. \nIf a user or automated system were tricked into opening a specially-crafted \nPCX file, a remote attacker could possibly cause Pillow to crash, \nresulting in a denial of service. (CVE-2020-35653)\n\nIt was discovered that Pillow incorrectly handled certain Tiff image files. 
\nIf a user or automated system were tricked into opening a specially-crafted \nTiff file, a remote attacker could cause Pillow to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. This issue only \naffected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-35654)\n\nIt was discovered that Pillow incorrectly handled certain SGI image files. \nIf a user or automated system were tricked into opening a specially-crafted \nSGI file, a remote attacker could possibly cause Pillow to crash, \nresulting in a denial of service. This issue only affected Ubuntu 18.04 \nLTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-35655)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-18T00:00:00", "type": "ubuntu", "title": "Pillow vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35655", "CVE-2020-35654"], "modified": "2021-01-18T00:00:00", "id": "USN-4697-1", "href": "https://ubuntu.com/security/notices/USN-4697-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:40:10", "description": "An 
update that fixes 13 vulnerabilities is now available.\n\nDescription:\n\n This update for python-CairoSVG, python-Pillow fixes the following issues:\n\n Update to version 2.5.1.\n\n * Security fix: When processing SVG files, CairoSVG was using two regular\n expressions which are vulnerable to Regular Expression Denial of Service\n (REDoS). If an attacker provided a malicious SVG, it could make CairoSVG\n get stuck processing the file for a very long time.\n * Fix marker positions for unclosed paths\n * Follow hint when only output_width or output_height is set\n * Handle opacity on raster images\n * Don't crash when use tags reference unknown tags\n * Take care of the next letter when A/a is replaced by l\n * Fix misalignment in node.vertices\n\n Updates for version 2.5.0.\n\n * Drop support of Python 3.5, add support of Python 3.9.\n * Add EPS export\n * Add background-color, negate-colors, and invert-images options\n * Improve support for font weights\n * Fix opacity of patterns and gradients\n * Support auto-start-reverse value for orient\n * Draw images contained in defs\n * Add Exif transposition support\n * Handle dominant-baseline\n * Support transform-origin\n\n python-Pillow update to version 8.3.1:\n\n * Catch OSError when checking if fp is sys.stdout #5585 [radarhere]\n * Handle removing orientation from alternate types of EXIF data #5584\n [radarhere]\n * Make Image.__array__ take optional dtype argument #5572 [t-vi, radarhere]\n\n * Use snprintf instead of sprintf. 
CVE-2021-34552 #5567 [radarhere]\n * Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]\n * Allow ICNS save on all operating systems #4526 [baletu, radarhere,\n newpanjing, hugovk]\n * De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989\n [gofr, radarhere]\n * Replaced xml.etree.ElementTree #5565 [radarhere]\n * Moved CVE image to pillow-depends #5561 [radarhere]\n * Added tag data for IFD groups #5554 [radarhere]\n * Improved ImagePalette #5552 [radarhere]\n * Add DDS saving #5402 [radarhere]\n * Improved getxmp() #5455 [radarhere]\n * Convert to float for comparison with float in IFDRational __eq__ #5412\n [radarhere]\n * Allow getexif() to access TIFF tag_v2 data #5416 [radarhere]\n * Read FITS image mode and size #5405 [radarhere]\n * Merge parallel horizontal edges in ImagingDrawPolygon #5347 [radarhere,\n hrdrq]\n * Use transparency behind first GIF frame and when disposing to background\n #5557 [radarhere, zewt]\n * Avoid unstable nature of qsort in Quant.c #5367 [radarhere]\n * Copy palette to new images in ImageOps expand #5551 [radarhere]\n * Ensure palette string matches RGB mode #5549 [radarhere]\n * Do not modify EXIF of original image instance in exif_transpose() #5547\n [radarhere]\n * Fixed default numresolution for small JPEG2000 images #5540 [radarhere]\n * Added DDS BC5 reading #5501 [radarhere]\n * Raise an error if ImageDraw.textbbox is used without a TrueType font\n #5510 [radarhere]\n * Added ICO saving in BMP format #5513 [radarhere]\n * Ensure PNG seeks to end of previous chunk at start of load_end #5493\n [radarhere]\n * Do not allow TIFF to seek to a past frame #5473 [radarhere]\n * Avoid race condition when displaying images with eog #5507 [mconst]\n * Added specific error messages when ink has incorrect number of bands\n #5504 [radarhere]\n * Allow converting an image to a numpy array to raise errors #5379\n [radarhere]\n * Removed DPI rounding from BMP, JPEG, PNG and WMF loading #5476, #5470\n 
[radarhere]\n * Remove spikes when drawing thin pieslices #5460 [xtsm]\n * Updated default value for SAMPLESPERPIXEL TIFF tag #5452 [radarhere]\n * Removed TIFF DPI rounding #5446 [radarhere, hugovk]\n * Include code in WebP error #5471 [radarhere]\n * Do not alter pixels outside mask when drawing text on an image with\n transparency #5434 [radarhere]\n * Reset handle when seeking backwards in TIFF #5443 [radarhere]\n * Replace sys.stdout with sys.stdout.buffer when saving #5437 [radarhere]\n * Fixed UNDEFINED TIFF tag of length 0 being changed in roundtrip #5426\n [radarhere]\n * Fixed bug when checking FreeType2 version if it is not installed #5445\n [radarhere]\n * Do not round dimensions when saving PDF #5459 [radarhere]\n * Added ImageOps contain() #5417 [radarhere, hugovk]\n * Changed WebP default \"method\" value to 4 #5450 [radarhere]\n * Switched to saving 1-bit PDFs with DCTDecode #5430 [radarhere]\n * Use bpp from ICO header #5429 [radarhere]\n * Corrected JPEG APP14 transform value #5408 [radarhere]\n * Changed TIFF tag 33723 length to 1 #5425 [radarhere]\n * Changed ImageMorph incorrect mode errors to ValueError #5414 [radarhere]\n * Add EXIF tags specified in EXIF 2.32 #5419 [gladiusglad]\n * Treat previous contents of first GIF frame as transparent #5391\n [radarhere]\n * For special image modes, revert default resize resampling to NEAREST\n #5411 [radarhere]\n * JPEG2000: Support decoding subsampled RGB and YCbCr images #4996\n [nulano, radarhere]\n * Stop decoding BC1 punchthrough alpha in BC2&3 #4144 [jansol]\n * Use zero if GIF background color index is missing #5390 [radarhere]\n * Fixed ensuring that GIF previous frame was loaded #5386 [radarhere]\n * Valgrind fixes #5397 [wiredfool]\n * Round down the radius in rounded_rectangle #5382 [radarhere]\n * Fixed reading uncompressed RGB data from DDS #5383 [radarhere]\n\n update to version 8.2.0:\n\n * Added getxmp() method #5144 [UrielMaD, radarhere]\n * Add ImageShow support for GraphicsMagick 
#5349 [latosha-maltba,\n radarhere]\n * Do not load transparent pixels from subsequent GIF frames #5333 [zewt,\n radarhere]\n * Use LZW encoding when saving GIF images #5291 [raygard]\n * Set all transparent colors to be equal in quantize() #5282 [radarhere]\n * Allow PixelAccess to use Python __int__ when parsing x and y #5206\n [radarhere]\n * Removed Image._MODEINFO #5316 [radarhere]\n * Add preserve_tone option to autocontrast #5350 [elejke, radarhere]\n * Fixed linear_gradient and radial_gradient I and F modes #5274 [radarhere]\n * Add support for reading TIFFs with PlanarConfiguration=2 #5364\n [kkopachev, wiredfool, nulano]\n * Deprecated categories #5351 [radarhere]\n * Do not premultiply alpha when resizing with Image.NEAREST resampling\n #5304 [nulano]\n * Dynamically link FriBiDi instead of Raqm #5062 [nulano]\n * Allow fewer PNG palette entries than the bit depth maximum when saving\n #5330 [radarhere]\n * Use duration from info dictionary when saving WebP #5338 [radarhere]\n * Stop flattening EXIF IFD into getexif() #4947 [radarhere, kkopachev]\n * Replaced tiff_deflate with tiff_adobe_deflate compression when saving\n TIFF images #5343 [radarhere]\n * Save ICC profile from TIFF encoderinfo #5321 [radarhere]\n * Moved RGB fix inside ImageQt class #5268 [radarhere]\n * Allow alpha_composite destination to be negative #5313 [radarhere]\n * Ensure file is closed if it is opened by ImageQt.ImageQt #5260\n [radarhere]\n * Added ImageDraw rounded_rectangle method #5208 [radarhere]\n * Added IPythonViewer #5289 [radarhere, Kipkurui-mutai]\n * Only draw each rectangle outline pixel once #5183 [radarhere]\n * Use mmap instead of built-in Win32 mapper #5224 [radarhere, cgohlke]\n * Handle PCX images with an odd stride #5214 [radarhere]\n * Only read different sizes for \"Large Thumbnail\" MPO frames #5168\n [radarhere]\n * Added PyQt6 support #5258 [radarhere]\n * Changed Image.open formats parameter to be case-insensitive #5250\n [Piolie, radarhere]\n * 
Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02) #5216\n [radarhere]\n * Added tk version to pilinfo #5226 [radarhere, nulano]\n * Support for ignoring tests when running valgrind #5150 [wiredfool,\n radarhere, hugovk]\n * OSS-Fuzz support #5189 [wiredfool, radarhere]\n\n update to 8.1.2:\n\n - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO\n (CVE-2021-27923) Image Plugins\n\n Update to 8.1.1\n\n - Security\n\n * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficient due\n to incorrect error checking in TiffDecode.c.\n * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with\n an invalid size\n * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to\n an OOB Read in TiffReadRGBATile\n * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex\n that could be used as a DOS attack.\n * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since\n pillow 4.3.0.\n\n There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container\n formats where Pillow did not properly check the reported size of the\n contained image. These images could cause arbitrarily large memory\n allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie, and\n Akshay Ajayan of ASU.edu.\n\n Other Changes\n\n - A crash with the feature flags for LibJpeg and Webp on unreleased Python\n 3.10 has been fixed\n\n - Fix rpmlint warning about duplicate file definition\n - Fix package build by relying on %python_subpackages for\n Obsoletes/Conflicts (boo#1181281)\n\n update to 8.1.0 (boo#1180833, boo#1180834, boo#1180832):\n\n * Fix TIFF OOB Write error. CVE-2020-35654\n * Fix for Read Overflow in PCX Decoding. CVE-2020-35653\n * Fix for SGI Decode buffer overrun. 
CVE-2020-35655\n * Fix OOB Read when saving GIF of xsize=1\n * Makefile updates\n * Add support for PySide6\n * Use disposal settings from previous frame in APNG\n * Added exception explaining that _repr_png_ saves to PNG\n * Use previous disposal method in GIF load_end\n * Allow putpalette to accept 1024 integers to include alpha values\n * Fix OOB Read when writing TIFF with custom Metadata\n * Added append_images support for ICO\n * Block TIFFTAG_SUBIFD\n * Fixed dereferencing potential null pointers\n * Deprecate FreeType 2.7\n * Moved warning to end of execution\n * Removed unused fromstring and tostring C methods\n * init() if one of the formats is unrecognised\n * Moved string_dimension CVE image to pillow-depends\n * Support raw rgba8888 for DDS\n\n update to version 8.0.1:\n\n * Update FreeType used in binary wheels to 2.10.4 to fix CVE-2020-15999.\n [radarhere]\n * Moved string_dimension image to pillow-depends #4993 [radarhere]\n\n changes from version 8.0.0:\n\n * Drop support for EOL Python 3.5 #4746, #4794 [hugovk, radarhere, nulano]\n * Drop support for PyPy3 < 7.2.0 #4964 [nulano]\n * Remove ImageCms.CmsProfile attributes deprecated since 3.2.0 #4768\n [hugovk, radarhere]\n * Remove long-deprecated Image.py functions #4798 [hugovk, nulano,\n radarhere]\n * Add support for 16-bit precision JPEG quantization values #4918 [gofr]\n * Added reading of IFD tag type #4979 [radarhere]\n * Initialize offset memory for PyImagingPhotoPut #4806 [nqbit]\n * Fix TiffDecode comparison warnings #4756 [nulano]\n * Docs: Add dark mode #4968 [hugovk, nulano]\n * Added macOS SDK install path to library and include directories #4974\n [radarhere, fxcoudert]\n * Imaging.h: prevent confusion with system #4923 [ax3l, ,radarhere]\n * Avoid using pkg_resources in PIL.features.pilinfo #4975 [nulano]\n * Add getlength and getbbox functions for TrueType fonts #4959 [nulano,\n radarhere, hugovk]\n * Allow tuples with one item to give single color value in getink #4927\n 
[radarhere, nulano]\n * Add support for CBDT and COLR fonts #4955 [nulano, hugovk]\n * Removed OSError in favour of DecompressionBombError for BMP #4966\n [radarhere]\n * Implemented another ellipse drawing algorithm #4523 [xtsm, radarhere]\n * Removed unused JpegImagePlugin._fixup_dict function #4957 [radarhere]\n * Added reading and writing of private PNG chunks #4292 [radarhere]\n * Implement anchor for TrueType fonts #4930 [nulano, hugovk]\n * Fixed bug in Exif __delitem__ #4942 [radarhere]\n * Fix crash in ImageTk.PhotoImage on MinGW 64-bit #4946 [nulano]\n * Moved CVE images to pillow-depends #4929 [radarhere]\n * Refactor font_getsize and font_render #4910 [nulano]\n * Fixed loading profile with non-ASCII path on Windows #4914 [radarhere]\n * Fixed effect_spread bug for zero distance #4908 [radarhere, hugovk]\n * Added formats parameter to Image.open #4837 [nulano, radarhere]\n * Added regular_polygon draw method #4846 [comhar]\n * Raise proper TypeError in putpixel #4882 [nulano, hugovk]\n * Added writing of subIFDs #4862 [radarhere]\n * Fix IFDRational __eq__ bug #4888 [luphord, radarhere]\n * Fixed duplicate variable name #4885 [liZe, radarhere]\n * Added homebrew zlib include directory #4842 [radarhere]\n * Corrected inverted PDF CMYK colors #4866 [radarhere]\n * Do not try to close file pointer if file pointer is empty #4823\n [radarhere]\n * ImageOps.autocontrast: add mask parameter #4843 [navneeth, hugovk]\n * Read EXIF data tEXt chunk into info as bytes instead of string #4828\n [radarhere]\n * Replaced distutils with setuptools #4797, #4809, #4814, #4817, #4829,\n #4890 [hugovk, radarhere]\n * Add MIME type to PsdImagePlugin #4788 [samamorgan]\n * Allow ImageOps.autocontrast to specify low and high cutoffs separately\n #4749 [millionhz, radarhere]\n\n update to version 7.2.0:\n\n * Do not convert I;16 images when showing PNGs #4744 [radarhere]\n * Fixed ICNS file pointer saving #4741 [radarhere]\n * Fixed loading non-RGBA mode APNGs with dispose 
background #4742\n [radarhere]\n * Deprecated _showxv #4714 [radarhere]\n * Deprecate Image.show(command=\"...\") #4646 [nulano, hugovk, radarhere]\n * Updated JPEG magic number #4707 [Cykooz, radarhere]\n * Change STRIPBYTECOUNTS to LONG if necessary when saving #4626\n [radarhere, hugovk]\n * Write JFIF header when saving JPEG #4639 [radarhere]\n * Replaced tiff_jpeg with jpeg compression when saving TIFF images #4627\n [radarhere]\n * Writing TIFF tags: improved BYTE, added UNDEFINED #4605 [radarhere]\n * Consider transparency when pasting text on an RGBA image #4566\n [radarhere]\n * Added method argument to single frame WebP saving #4547 [radarhere]\n * Use ImageFileDirectory_v2 in Image.Exif #4637 [radarhere]\n * Corrected reading EXIF metadata without prefix #4677 [radarhere]\n * Fixed drawing a jointed line with a sequence of numeric values #4580\n [radarhere]\n * Added support for 1-D NumPy arrays #4608 [radarhere]\n * Parse orientation from XMP tags #4560 [radarhere]\n * Speed up text layout by not rendering glyphs #4652 [nulano]\n * Fixed ZeroDivisionError in Image.thumbnail #4625 [radarhere]\n * Replaced TiffImagePlugin DEBUG with logging #4550 [radarhere]\n * Fix repeatedly loading .gbr #4620 [ElinksFr, radarhere]\n * JPEG: Truncate icclist instead of setting to None #4613 [homm]\n * Fixes default offset for Exif #4594 [rodrigob, radarhere]\n * Fixed bug when unpickling TIFF images #4565 [radarhere]\n * Fix pickling WebP #4561 [hugovk, radarhere]\n * Replace IOError and WindowsError aliases with OSError #4536 [hugovk,\n radarhere]\n\n Update to 7.1.2:\n\n * This fixes a regression introduced in 7.1.0 when adding support for APNG\n files.\n * When calling seek(n) on a regular PNG where n > 0, it failed to raise an\n EOFError as it should have done\n\n update to version 7.1.1:\n\n * Fix regression seeking and telling PNGs #4512 #4514 [hugovk, radarhere]\n\n changes from version 7.1.0:\n\n * Fix multiple OOB reads in FLI decoding #4503 [wiredfool]\n * Fix 
buffer overflow in SGI-RLE decoding #4504 [wiredfool, hugovk]\n * Fix bounds overflow in JPEG 2000 decoding #4505 [wiredfool]\n * Fix bounds overflow in PCX decoding #4506 [wiredfool]\n * Fix 2 buffer overflows in TIFF decoding #4507 [wiredfool]\n * Add APNG support #4243 [pmrowla, radarhere, hugovk]\n * ImageGrab.grab() for Linux with XCB #4260 [nulano, radarhere]\n * Added three new channel operations #4230 [dwastberg, radarhere]\n * Prevent masking of Image reduce method in Jpeg2KImagePlugin #4474\n [radarhere, homm]\n * Added reading of earlier ImageMagick PNG EXIF data #4471 [radarhere]\n * Fixed endian handling for I;16 getextrema #4457 [radarhere]\n * Release buffer if function returns prematurely #4381 [radarhere]\n * Add JPEG comment to info dictionary #4455 [radarhere]\n * Fix size calculation of Image.thumbnail() #4404 [orlnub123]\n * Fixed stroke on FreeType < 2.9 #4401 [radarhere]\n * If present, only use alpha channel for bounding box #4454 [radarhere]\n * Warn if an unknown feature is passed to features.check() #4438\n [jdufresne]\n * Fix Name field length when saving IM images #4424 [hugovk, radarhere]\n * Allow saving of zero quality JPEG images #4440 [radarhere]\n * Allow explicit zero width to hide outline #4334 [radarhere]\n * Change ContainerIO return type to match file object mode #4297\n [jdufresne, radarhere]\n * Only draw each polygon pixel once #4333 [radarhere]\n * Add support for shooting situation Exif IFD tags #4398 [alexagv]\n * Handle multiple and malformed JPEG APP13 markers #4370 [homm]\n * Depends: Update libwebp to 1.1.0 #4342, libjpeg to 9d #4352 [radarhere]\n\n update to version 7.0.0:\n\n * Drop support for EOL Python 2.7 #4109 [hugovk, radarhere, jdufresne]\n * Fix rounding error on RGB to L conversion #4320 [homm]\n * Exif writing fixes: Rational boundaries and signed/unsigned types #3980\n [kkopachev, radarhere]\n * Allow loading of WMF images at a given DPI #4311 [radarhere]\n * Added reduce operation #4251 [homm]\n * 
Raise ValueError for io.StringIO in Image.open #4302 [radarhere, hugovk]\n * Fix thumbnail geometry when DCT scaling is used #4231 [homm, radarhere]\n * Use default DPI when exif provides invalid x_resolution #4147 [beipang2,\n radarhere]\n * Change default resize resampling filter from NEAREST to BICUBIC #4255\n [homm]\n * Fixed black lines on upscaled images with the BOX filter #4278 [homm]\n * Better thumbnail aspect ratio preservation #4256 [homm]\n * Add La mode packing and unpacking #4248 [homm]\n * Include tests in coverage reports #4173 [hugovk]\n * Handle broken Photoshop data #4239 [radarhere]\n * Raise a specific exception if no data is found for an MPO frame #4240\n [radarhere]\n * Fix Unicode support for PyPy #4145 [nulano]\n * Added UnidentifiedImageError #4182 [radarhere, hugovk]\n * Remove deprecated __version__ from plugins #4197 [hugovk, radarhere]\n * Fixed freeing unallocated pointer when resizing with height too large\n #4116 [radarhere]\n * Copy info in Image.transform #4128 [radarhere]\n * Corrected DdsImagePlugin setting info gamma #4171 [radarhere]\n * Depends: Update libtiff to 4.1.0 #4195, Tk Tcl to 8.6.10 #4229,\n libimagequant to 2.12.6 #4318 [radarhere]\n * Improve handling of file resources #3577 [jdufresne]\n * Removed CI testing of Fedora 29 #4165 [hugovk]\n * Added pypy3 to tox envlist #4137 [jdufresne]\n * Drop support for EOL PyQt4 and PySide #4108 [hugovk, radarhere]\n * Removed deprecated setting of TIFF image sizes #4114 [radarhere]\n * Removed deprecated PILLOW_VERSION #4107 [hugovk]\n * Changed default frombuffer raw decoder args #1730 [radarhere]\n\n Update to 6.2.1:\n\n * Pillow 6.2.1 supports Python 3.8.\n\n\n Update to 6.2.0:\n\n * text stroking\n * image grab on multi-monitor windows\n * Full notes:\n https://pillow.readthedocs.io/en/stable/releasenotes/6.2.0.html\n\n update to version 6.1.0:\n\n * Deprecate Image.__del__ #3929 [jdufresne]\n * Tiff: Add support for JPEG quality #3886 [olt]\n * Respect the PKG_CONFIG 
environment variable when building #3928 [chewi]\n * Use explicit memcpy() to avoid unaligned memory accesses #3225 [DerDakon]\n * Improve encoding of TIFF tags #3861 [olt]\n * Update Py_UNICODE to Py_UCS4 #3780 [nulano]\n * Consider I;16 pixel size when drawing #3899 [radarhere]\n * Add TIFFTAG_SAMPLEFORMAT to blocklist #3926 [cgohlke, radarhere]\n * Create GIF deltas from background colour of GIF frames if disposal mode\n is 2 #3708 [sircinnamon, radarhere]\n * Added ImageSequence all_frames #3778 [radarhere]\n * Use unsigned int to store TIFF IFD offsets #3923 [cgohlke]\n * Include CPPFLAGS when searching for libraries #3819 [jefferyto]\n * Updated TIFF tile descriptors to match current decoding functionality\n #3795 [dmnisson]\n * Added an image.entropy() method (second revision) #3608 [fish2000]\n * Pass the correct types to PyArg_ParseTuple #3880 [QuLogic]\n * Fixed crash when loading non-font bytes #3912 [radarhere]\n * Fix SPARC memory alignment issues in Pack/Unpack functions #3858\n [kulikjak]\n * Added CMYK;16B and CMYK;16N unpackers #3913 [radarhere]\n * Fixed bugs in calculating text size #3864 [radarhere]\n * Add __main__.py to output basic format and support information #3870\n [jdufresne]\n * Added variation font support #3802 [radarhere]\n * Do not down-convert if image is LA when showing with PNG format #3869\n [radarhere]\n * Improve handling of PSD frames #3759 [radarhere]\n * Improved ICO and ICNS loading #3897 [radarhere]\n * Changed Preview application path so that it is no longer static #3896\n [radarhere]\n * Corrected ttb text positioning #3856 [radarhere]\n * Handle unexpected ICO image sizes #3836 [radarhere]\n * Fixed bits value for RGB;16N unpackers #3837 [kkopachev]\n * Travis CI: Add Fedora 30, remove Fedora 28 #3821 [hugovk]\n * Added reading of CMYK;16L TIFF images #3817 [radarhere]\n * Fixed dimensions of 1-bit PDFs #3827 [radarhere]\n * Fixed opening mmap image through Path on Windows #3825 [radarhere]\n * Fixed ImageDraw arc 
gaps #3824 [radarhere]\n * Expand GIF to include frames with extents outside the image size #3822\n [radarhere]\n * Fixed ImageTk getimage #3814 [radarhere]\n * Fixed bug in decoding large images #3791 [radarhere]\n * Fixed reading APP13 marker without Photoshop data #3771 [radarhere]\n * Added option to include layered windows in ImageGrab.grab on Windows\n #3808 [radarhere]\n * Detect libimagequant when installed by pacman on MingW #3812 [radarhere]\n * Fixed raqm layout bug #3787 [radarhere]\n * Fixed loading font with non-Unicode path on Windows #3785 [radarhere]\n * Travis CI: Upgrade PyPy from 6.0.0 to 7.1.1 #3783 [hugovk, johnthagen]\n * Depends: Updated openjpeg to 2.3.1 #3794, raqm to 0.7.0 #3877,\n libimagequant to 2.12.3 #3889 [radarhere]\n * Fix numpy bool bug #3790 [radarhere]\n\n Update to 6.0.0:\n\n * Python 2.7 support will be removed in Pillow 7.0.0 #3682 [hugovk]\n * Add EXIF class #3625 [radarhere]\n * Add ImageOps exif_transpose method #3687 [radarhere]\n * Added warnings to deprecated CMSProfile attributes #3615 [hugovk]\n * Documented reading TIFF multiframe images #3720 [akuchling]\n * Improved speed of opening an MPO file #3658 [Glandos]\n * Update palette in quantize #3721 [radarhere]\n * Improvements to TIFF is_animated and n_frames #3714 [radarhere]\n * Fixed incompatible pointer type warnings #3754 [radarhere]\n * Improvements to PA and LA conversion and palette operations #3728\n [radarhere]\n * Consistent DPI rounding #3709 [radarhere]\n * Change size of MPO image to match frame #3588 [radarhere]\n * Read Photoshop resolution data #3701 [radarhere]\n * Ensure image is mutable before saving #3724 [radarhere]\n * Correct remap_palette documentation #3740 [radarhere]\n * Promote P images to PA in putalpha #3726 [radarhere]\n * Allow RGB and RGBA values for new P images #3719 [radarhere]\n * Fixed TIFF bug when seeking backwards and then forwards #3713 [radarhere]\n * Cache EXIF information #3498 [Glandos]\n * Added transparency for all 
PNG greyscale modes #3744 [radarhere]\n * Fix deprecation warnings in Python 3.8 #3749 [radarhere]\n * Fixed GIF bug when rewinding to a non-zero frame #3716 [radarhere]\n * Only close original fp in __del__ and __exit__ if original fp is\n exclusive #3683 [radarhere]\n * Fix BytesWarning in Tests/test_numpy.py #3725 [jdufresne]\n * Add missing MIME types and extensions #3520 [pirate486743186]\n * Add I;16 PNG save #3566 [radarhere]\n * Add support for BMP RGBA bitfield compression #3705 [radarhere]\n * Added ability to set language for text rendering #3693 [iwsfutcmd]\n * Only close exclusive fp on Image __exit__ #3698 [radarhere]\n * Changed EPS subprocess stdout from devnull to None #3635 [radarhere]\n * Add reading old-JPEG compressed TIFFs #3489 [kkopachev]\n * Add EXIF support for PNG #3674 [radarhere]\n * Add option to set dither param on quantize #3699 [glasnt]\n * Add reading of DDS uncompressed RGB data #3673 [radarhere]\n * Correct length of Tiff BYTE tags #3672 [radarhere]\n * Add DIB saving and loading through Image open #3691 [radarhere]\n * Removed deprecated VERSION #3624 [hugovk]\n * Fix 'BytesWarning: Comparison between bytes and string' in PdfDict #3580\n [jdufresne]\n * Do not resize in Image.thumbnail if already the destination size #3632\n [radarhere]\n * Replace .seek() magic numbers with io.SEEK_* constants #3572 [jdufresne]\n * Make ContainerIO.isatty() return a bool, not int #3568 [jdufresne]\n * Add support to all transpose operations for I;16 modes #3563, #3741\n [radarhere]\n * Deprecate support for PyQt4 and PySide #3655 [hugovk, radarhere]\n * Add TIFF compression codecs: LZMA, Zstd, WebP #3555 [cgohlke]\n * Fixed pickling of iTXt class with protocol > 1 #3537 [radarhere]\n * _util.isPath returns True for pathlib.Path objects #3616 [wbadart]\n * Remove unnecessary unittest.main() boilerplate from test files #3631\n [jdufresne]\n * Exif: Seek to IFD offset #3584 [radarhere]\n * Deprecate PIL.*ImagePlugin.__version__ attributes #3628 
[jdufresne]\n * Docs: Add note about ImageDraw operations that exceed image bounds #3620\n [radarhere]\n * Allow for unknown PNG chunks after image data #3558 [radarhere]\n * Changed EPS subprocess stdin from devnull to None #3611 [radarhere]\n * Fix possible integer overflow #3609 [cgohlke]\n * Catch BaseException for resource cleanup handlers #3574 [jdufresne]\n * Improve pytest configuration to allow specific tests as CLI args #3579\n [jdufresne]\n * Drop support for Python 3.4 #3596 [hugovk]\n * Remove deprecated PIL.OleFileIO #3598 [hugovk]\n * Remove deprecated ImageOps undocumented functions #3599 [hugovk]\n * Depends: Update libwebp to 1.0.2 #3602 [radarhere]\n * Detect MIME types #3525 [radarhere]\n\n update to version 5.4.1:\n\n * File closing: Only close __fp if not fp #3540 [radarhere]\n * Fix build for Termux #3529 [pslacerda]\n * PNG: Detect MIME types #3525 [radarhere]\n * PNG: Handle IDAT chunks after image end #3532 [radarhere]\n\n changes from version 5.4.0:\n\n * Docs: Improved ImageChops documentation #3522 [radarhere]\n * Allow RGB and RGBA values for P image putpixel #3519 [radarhere]\n * Add APNG extension to PNG plugin #3501 [pirate486743186, radarhere]\n * Lookup ld.so.cache instead of hardcoding search paths #3245 [pslacerda]\n * Added custom string TIFF tags #3513 [radarhere]\n * Improve setup.py configuration #3395 [diorcety]\n * Read textual chunks located after IDAT chunks for PNG #3506 [radarhere]\n * Performance: Don't try to hash value if enum is empty #3503 [Glandos]\n * Added custom int and float TIFF tags #3350 [radarhere]\n * Fixes for issues reported by static code analysis #3393 [frenzymadness]\n * GIF: Wait until mode is normalized to copy im.info into encoderinfo\n #3187 [radarhere]\n * Docs: Add page of deprecations and removals #3486 [hugovk]\n * Travis CI: Upgrade PyPy from 5.8.0 to 6.0 #3488 [hugovk]\n * Travis CI: Allow lint job to fail #3467 [hugovk]\n * Resolve __fp when closing and deleting #3261 [radarhere]\n * 
Close exclusive fp before discarding #3461 [radarhere]\n * Updated open files documentation #3490 [radarhere]\n * Added libjpeg_turbo to check_feature #3493 [radarhere]\n * Change color table index background to tuple when saving as WebP #3471\n [radarhere]\n * Allow arbitrary number of comment extension subblocks #3479 [radarhere]\n * Ensure previous FLI frame is loaded before seeking to the next #3478\n [radarhere]\n * ImageShow improvements #3450 [radarhere]\n * Depends: Update libimagequant to 2.12.2 #3442, libtiff to 4.0.10 #3458,\n libwebp to 1.0.1 #3468, Tk Tcl to 8.6.9 #3465 [radarhere]\n * Check quality_layers type #3464 [radarhere]\n * Add context manager, __del__ and close methods to TarIO #3455 [radarhere]\n * Test: Do not play sound when running screencapture command #3454\n [radarhere]\n * Close exclusive fp on open exception #3456 [radarhere]\n * Only close existing fp in WebP if fp is exclusive #3418 [radarhere]\n * Docs: Re-add the downloads badge #3443 [hugovk]\n * Added negative index to PixelAccess #3406 [Nazime]\n * Change tuple background to global color table index when saving as GIF\n #3385 [radarhere]\n * Test: Improved ImageGrab tests #3424 [radarhere]\n * Flake8 fixes #3422, #3440 [radarhere, hugovk]\n * Only ask for YCbCr->RGB libtiff conversion for jpeg-compressed tiffs\n #3417 [kkopachev]\n * Optimise ImageOps.fit by combining resize and crop #3409 [homm]\n\n update to version 5.3.0:\n\n * Changed Image size property to be read-only by default #3203 [radarhere]\n * Add warnings if image file identification fails due to lack of WebP\n support #3169 [radarhere, hugovk]\n * Hide the Ghostscript progress dialog popup on Windows #3378 [hugovk]\n * Adding support to reading tiled and YcbCr jpeg tiffs through libtiff\n #3227 [kkopachev]\n * Fixed None as TIFF compression argument #3310 [radarhere]\n * Changed GIF seek to remove previous info items #3324 [radarhere]\n * Improved PDF document info #3274 [radarhere]\n * Add line width parameter 
to rectangle and ellipse-based shapes #3094\n [hugovk, radarhere]\n * Fixed decompression bomb check in _crop #3313 [dinkolubina, hugovk]\n * Added support to ImageDraw.floodfill for non-RGB colors #3377 [radarhere]\n * Tests: Avoid catching unexpected exceptions in tests #2203 [jdufresne]\n * Use TextIOWrapper.detach() instead of NoCloseStream #2214 [jdufresne]\n * Added transparency to matrix conversion #3205 [radarhere]\n * Added ImageOps pad method #3364 [radarhere]\n * Give correct extrema for I;16 format images #3359 [bz2]\n * Added PySide2 #3279 [radarhere]\n * Corrected TIFF tags #3369 [radarhere]\n * CI: Install CFFI and pycparser without any PYTHONOPTIMIZE #3374 [hugovk]\n * Read/Save RGB webp as RGB (instead of RGBX) #3298 [kkopachev]\n * ImageDraw: Add line joints #3250 [radarhere]\n * Improved performance of ImageDraw floodfill method #3294 [yo1995]\n * Fix builds with --parallel #3272 [hsoft]\n * Add more raw Tiff modes (RGBaX, RGBaXX, RGBAX, RGBAXX) #3335 [homm]\n * Close existing WebP fp before setting new fp #3341 [radarhere]\n * Add orientation, compression and id_section as TGA save keyword\n arguments #3327 [radarhere]\n * Convert int values of RATIONAL TIFF tags to floats #3338 [radarhere,\n wiredfool]\n * Fix code for PYTHONOPTIMIZE #3233 [hugovk]\n * Changed ImageFilter.Kernel to subclass ImageFilter.BuiltinFilter,\n instead of the other way around #3273 [radarhere]\n * Remove unused draw.draw_line, draw.draw_point and font.getabc methods\n #3232 [hugovk]\n * Tests: Added ImageFilter tests #3295 [radarhere]\n * Tests: Added ImageChops tests #3230 [hugovk, radarhere]\n * AppVeyor: Download lib if not present in pillow-depends #3316 [radarhere]\n * Travis CI: Add Python 3.7 and Xenial #3234 [hugovk]\n * Docs: Added documentation for NumPy conversion #3301 [radarhere]\n * Depends: Update libimagequant to 2.12.1 #3281 [radarhere]\n * Add three-color support to ImageOps.colorize #3242 [tsennott]\n * Tests: Add LA to TGA test modes #3222 [danpla]\n 
* Skip outline if the draw operation fills with the same colour #2922\n [radarhere]\n * Flake8 fixes #3173, #3380 [radarhere]\n * Avoid deprecated 'U' mode when opening files #2187 [jdufresne]\n\n update to version 5.2.0:\n\n * Fixed saving a multiframe image as a single frame PDF #3137 [radarhere]\n * If a Qt version is already imported, attempt to use it first #3143\n [radarhere]\n * Fix transform fill color for alpha images #3147 [fozcode]\n * TGA: Add support for writing RLE data #3186 [danpla]\n * TGA: Read and write LA data #3178 [danpla]\n * QuantOctree.c: Remove erroneous attempt to average over an empty range\n #3196 [tkoeppe]\n * Changed ICNS format tests to pass on OS X 10.11 #3202 [radarhere]\n * Fixed bug in ImageDraw.multiline_textsize() #3114 [tianyu139]\n * Added getsize_multiline support for PIL.ImageFont #3113 [tianyu139]\n * Added ImageFile get_format_mimetype method #3190 [radarhere]\n * Changed mmap file pointer to use context manager #3216 [radarhere]\n * Changed ellipse point calculations to be more evenly distributed #3142\n [radarhere]\n * Only extract first Exif segment #2946 [hugovk]\n * Tests: Test ImageDraw2, WalImageFile #3135, #2989 [hugovk]\n * Remove unnecessary '#if 0' code #3075 [hugovk]\n * Tests: Added GD tests #1817 [radarhere]\n * Fix collections ABCs DeprecationWarning in Python 3.7 #3123 [hugovk]\n * unpack_from is faster than unpack of slice #3201 [landfillbaby]\n * Docs: Add coordinate system links and file handling links in\n documentation #3204, #3214 [radarhere]\n * Tests: TestFilePng: Fix test_save_l_transparency() #3182 [danpla]\n * Docs: Correct argument name #3171 [radarhere]\n * Docs: Update CMake download URL #3166 [radarhere]\n * Docs: Improve Image.transform documentation #3164 [radarhere]\n * Fix transform fillcolor argument when image mode is RGBA or LA #3163\n [radarhere]\n * Tests: More specific Exception testing #3158 [radarhere]\n * Add getrgb HSB/HSV color strings #3148 [radarhere]\n * Allow float values 
in getrgb HSL color string #3146 [radarhere]\n * AppVeyor: Upgrade to Python 2.7.15 and 3.4.4 #3140 [radarhere]\n * AppVeyor: Upgrade to PyPy 6.0.0 #3133 [hugovk]\n * Deprecate PILLOW_VERSION and VERSION #3090 [hugovk]\n * Support Python 3.7 #3076 [hugovk]\n * Depends: Update freetype to 2.9.1, libjpeg to 9c, libwebp to 1.0.0\n #3121, #3136, #3108 [radarhere]\n * Build macOS wheels with Xcode 6.4, supporting older macOS versions #3068\n [wiredfool]\n * Fix _i2f compilation on some GCC versions #3067 [homm]\n * Changed encoderinfo to have priority over info when saving GIF images\n #3086 [radarhere]\n * Rename PIL.version to PIL._version and remove it from module #3083 [homm]\n * Enable background colour parameter on rotate #3057 [storesource]\n * Remove unnecessary #if 1 directive #3072 [jdufresne]\n * Remove unused Python class, Path #3070 [jdufresne]\n * Fix dereferencing type-punned pointer will break strict-aliasing #3069\n [jdufresne]\n\n update to version 5.1.0:\n\n * Close fp before return in ImagingSavePPM #3061 [kathryndavies]\n * Added documentation for ICNS append_images #3051 [radarhere]\n * Docs: Move intro text below its header #3021 [hugovk]\n * CI: Rename appveyor.yml as .appveyor.yml #2978 [hugovk]\n * Fix TypeError for JPEG2000 parser feed #3042 [hugovk]\n * Certain corrupted jpegs can result in no data read #3023 [kkopachev]\n * Add support for BLP file format #3007 [jleclanche]\n * Simplify version checks #2998 [hugovk]\n * Fix \"invalid escape sequence\" warning on Python 3.6+ #2996 [timgraham]\n * Allow append_images to set .icns scaled images #3005 [radarhere]\n * Support appending to existing PDFs #2965 [vashek]\n * Fix and improve efficient saving of ICNS on macOS #3004 [radarhere]\n * Build: Enable pip cache in AppVeyor build #3009 [thijstriemstra]\n * Trim trailing whitespace #2985 [Metallicow]\n * Docs: Correct reference to Image.new method #3000 [radarhere]\n * Rearrange ImageFilter classes into alphabetical order #2990 [radarhere]\n * 
Test: Remove duplicate line #2983 [radarhere]\n * Build: Update AppVeyor PyPy version #3003 [radarhere]\n * Tiff: Open 8 bit Tiffs with 5 or 6 channels, discarding extra channels\n #2938 [homm]\n * Readme: Added Twitter badge #2930 [hugovk]\n * Removed __main__ code from ImageCms #2942 [radarhere]\n * Test: Changed assert statements to unittest calls #2961 [radarhere]\n * Depends: Update libimagequant to 2.11.10, raqm to 0.5.0, freetype to 2.9\n #3036, #3017, #2957 [radarhere]\n * Remove _imaging.crc32 in favor of builtin Python crc32 implementation\n #2935 [wiredfool]\n * Move Tk directory to src directory #2928 [hugovk]\n * Enable pip cache in Travis CI #2933 [jdufresne]\n * Remove unused and duplicate imports #2927 [radarhere]\n * Docs: Changed documentation references to 2.x to 2.7 #2921 [radarhere]\n * Fix memory leak when opening webp files #2974 [wiredfool]\n * Setup: Fix \"TypeError: 'NoneType' object is not iterable\" for PPC and\n CRUX #2951 [hugovk]\n * Setup: Add libdirs for ppc64le and armv7l #2968 [nehaljwani]\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1134=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "suse", "title": "Security update for python-CairoSVG, python-Pillow (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": 
false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-34552"], "modified": "2021-08-10T00:00:00", "id": "OPENSUSE-SU-2021:1134-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N6MMS3NOFXF2TZBZ5M3EC6VOB65FRP4I/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T18:55:52", "description": "### Background\n\nPython Imaging Library (fork)\n\n### Description\n\nMultiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Pillow users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-python/pillow-8.2.0\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-14T00:00:00", "type": "gentoo", "title": "Pillow: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25287", "CVE-2021-25288", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678"], "modified": "2021-07-14T00:00:00", "id": "GLSA-202107-33", "href": "https://security.gentoo.org/glsa/202107-33", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-17T19:00:17", "description": "### Background\n\nPython Imaging Library (fork)\n\n### Description\n\nMultiple vulnerabilities have been discovered in Pillow. 
Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Pillow users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-python/pillow-8.1.0\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-11T00:00:00", "type": "gentoo", "title": "Pillow: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655"], "modified": "2021-01-11T00:00:00", "id": "GLSA-202101-08", "href": "https://security.gentoo.org/glsa/202101-08", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2022-02-01T00:00:00", "description": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. 
([CVE-2021-25289](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289>)) \n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-03T06:19:00", "type": "f5", "title": "Python Pillow vulnerability CVE-2021-25289", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289"], "modified": "2021-06-03T06:19:00", "id": "F5:K14102355", "href": "https://support.f5.com/csp/article/K14102355", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2022-04-27T17:34:40", "description": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. 
NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-29T16:35:16", "type": "github", "title": "Out of bounds write in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289"], "modified": "2021-12-02T17:48:13", "id": "GHSA-57H3-9RGR-C24M", "href": "https://github.com/advisories/GHSA-57h3-9rgr-c24m", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-22T11:54:16", "description": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-29T16:35:57", "type": "github", "title": "Out of bounds read in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25291"], "modified": "2021-12-02T15:31:14", "id": "GHSA-MVG9-XFFR-P774", "href": "https://github.com/advisories/GHSA-mvg9-xffr-p774", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-27T17:34:40", "description": "An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-29T16:35:27", "type": "github", "title": "Out of bounds read in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25293"], "modified": "2021-12-02T15:31:01", "id": "GHSA-P43W-G3C5-G5MQ", "href": "https://github.com/advisories/GHSA-p43w-g3c5-g5mq", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-27T17:34:40", "description": "An issue was discovered in Pillow before 8.1.1. 
The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-29T16:35:46", "type": "github", "title": "Regular Expression Denial of Service (ReDoS) in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25292"], "modified": "2021-12-02T17:47:59", "id": "GHSA-9HX2-HGQ2-2G4F", "href": "https://github.com/advisories/GHSA-9hx2-hgq2-2g4f", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-22T11:54:17", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-18T19:55:13", "type": "github", "title": "Denial of Service by Uncontrolled Resource Consumption", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921"], "modified": "2021-12-07T17:52:23", "id": "GHSA-F4W8-CV6P-X6R5", "href": "https://github.com/advisories/GHSA-f4w8-cv6p-x6r5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-27T17:34:37", "description": "### Impact\n_Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large._\n\n### Patches\n_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._\n\n### Workarounds\n_An issue was discovered in Pillow before 6.2.0. 
When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._\n\n### References\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27921\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [example link to repo](http://example.com)\n* Email us at [example email address](mailto:example@example.com)", "cvss3": {}, "published": "2021-04-23T16:54:36", "type": "github", "title": "Uncontrolled Resource Consumption in pillow", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-27921"], "modified": "2021-04-23T16:54:36", "id": "GHSA-JGPV-4H4C-XHW3", "href": "https://github.com/advisories/GHSA-jgpv-4h4c-xhw3", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-22T11:54:17", "description": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-18T19:55:27", "type": "github", "title": "Out-of-bounds Write", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654"], "modified": "2021-03-18T19:55:27", "id": "GHSA-VQCJ-WRF2-7V73", "href": "https://github.com/advisories/GHSA-vqcj-wrf2-7v73", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-22T11:54:16", "description": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-29T16:35:36", "type": "github", "title": "Out-of-bounds Write in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25290"], "modified": "2021-12-06T21:37:00", "id": "GHSA-8XJQ-8FCG-G5HW", "href": "https://github.com/advisories/GHSA-8xjq-8fcg-g5hw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-22T11:54:17", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an 
attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-18T19:54:43", "type": "github", "title": "Denial of Service by Uncontrolled Resource Consumption", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27923"], "modified": "2021-12-07T17:53:04", "id": "GHSA-95Q3-8GR9-GM8W", "href": "https://github.com/advisories/GHSA-95q3-8gr9-gm8w", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-22T11:54:17", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": 
"NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-18T19:55:21", "type": "github", "title": "Uncontrolled Resource Consumption", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27922"], "modified": "2021-12-08T19:27:20", "id": "GHSA-3WVG-MJ6G-M9CV", "href": "https://github.com/advisories/GHSA-3wvg-mj6g-m9cv", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T15:19:42", "description": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. 
NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-19T04:15:00", "type": "cve", "title": "CVE-2021-25289", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289"], "modified": "2021-12-01T17:03:00", "cpe": [], "id": "CVE-2021-25289", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T15:19:45", "description": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "cve", "title": "CVE-2021-25291", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25291"], "modified": "2021-12-01T16:23:00", "cpe": [], "id": "CVE-2021-25291", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25291", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T15:19:51", "description": "An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "cve", "title": "CVE-2021-25293", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25293"], "modified": "2021-12-01T16:20:00", "cpe": [], "id": "CVE-2021-25293", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T15:19:49", "description": "An issue was discovered in Pillow before 8.1.1. 
The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "cve", "title": "CVE-2021-25292", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25292"], "modified": "2021-12-01T16:22:00", "cpe": [], "id": "CVE-2021-25292", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25292", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T16:18:51", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", 
"baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T09:15:00", "type": "cve", "title": "CVE-2021-27921", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921"], "modified": "2021-12-06T21:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-27921", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27921", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T17:58:08", "description": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-12T09:15:00", "type": "cve", "title": "CVE-2020-35654", 
"cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654"], "modified": "2021-03-22T15:48:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:32"], "id": "CVE-2020-35654", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35654", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:19:45", "description": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is a negative-offset memcpy with an invalid size.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "cve", "title": "CVE-2021-25290", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25290"], "modified": "2021-12-03T18:10:00", "cpe": ["cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-25290", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25290", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:17:19", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": 
"NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T09:15:00", "type": "cve", "title": "CVE-2021-27923", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27923"], "modified": "2021-12-06T18:10:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-27923", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27923", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:17:13", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, 
"published": "2021-03-03T09:15:00", "type": "cve", "title": "CVE-2021-27922", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27922"], "modified": "2021-12-07T19:23:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-27922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27922", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]}], "osv": [{"lastseen": "2022-05-11T21:31:59", "description": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. 
NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-29T16:35:16", "type": "osv", "title": "Out of bounds write in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289"], "modified": "2021-12-02T17:48:12", "id": "OSV:GHSA-57H3-9RGR-C24M", "href": "https://osv.dev/vulnerability/GHSA-57h3-9rgr-c24m", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T01:19:12", "description": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. 
NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-19T04:15:00", "type": "osv", "title": "PYSEC-2021-35", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289"], "modified": "2021-03-26T14:06:00", "id": "OSV:PYSEC-2021-35", "href": "https://osv.dev/vulnerability/PYSEC-2021-35", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T01:19:36", "description": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is an out-of-bounds read in TIFFReadRGBATile via invalid tile boundaries.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "osv", "title": "PYSEC-2021-37", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25291"], "modified": "2021-03-22T14:09:00", "id": "OSV:PYSEC-2021-37", "href": "https://osv.dev/vulnerability/PYSEC-2021-37", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T05:04:00", "description": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is an out-of-bounds read in TIFFReadRGBATile via invalid tile boundaries.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-29T16:35:57", "type": "osv", "title": "Out of bounds read in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25291"], "modified": "2022-06-10T02:11:08", "id": "OSV:GHSA-MVG9-XFFR-P774", "href": "https://osv.dev/vulnerability/GHSA-mvg9-xffr-p774", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T04:59:12", "description": "An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-29T16:35:27", "type": "osv", "title": "Out of bounds read in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25293"], "modified": "2022-06-10T02:16:13", "id": "OSV:GHSA-P43W-G3C5-G5MQ", "href": "https://osv.dev/vulnerability/GHSA-p43w-g3c5-g5mq", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T01:19:37", "description": "An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "osv", "title": "PYSEC-2021-39", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25293"], "modified": "2021-03-22T13:36:00", "id": "OSV:PYSEC-2021-39", "href": "https://osv.dev/vulnerability/PYSEC-2021-39", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T05:03:09", "description": "An issue was discovered in Pillow before 8.1.1. 
The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-29T16:35:46", "type": "osv", "title": "Regular Expression Denial of Service (ReDoS) in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25292"], "modified": "2022-06-10T02:12:21", "id": "OSV:GHSA-9HX2-HGQ2-2G4F", "href": "https://osv.dev/vulnerability/GHSA-9hx2-hgq2-2g4f", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T01:19:36", "description": "An issue was discovered in Pillow before 8.1.1. 
The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "osv", "title": "PYSEC-2021-38", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25292"], "modified": "2021-03-22T14:03:00", "id": "OSV:PYSEC-2021-38", "href": "https://osv.dev/vulnerability/PYSEC-2021-38", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T01:19:22", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T09:15:00", "type": "osv", "title": "PYSEC-2021-40", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921"], "modified": "2021-03-23T19:49:00", "id": "OSV:PYSEC-2021-40", "href": "https://osv.dev/vulnerability/PYSEC-2021-40", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T05:03:16", "description": "### Impact\n_Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large._\n\n### Patches\n_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._\n\n### Workarounds\n_An issue was discovered in Pillow before 6.2.0. 
When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._\n\n### References\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27921\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [example link to repo](http://example.com)\n* Email us at [example email address](mailto:example@example.com)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-23T16:54:36", "type": "osv", "title": "Uncontrolled Resource Consumption in pillow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921"], "modified": "2022-06-10T02:12:09", "id": "OSV:GHSA-JGPV-4H4C-XHW3", "href": "https://osv.dev/vulnerability/GHSA-jgpv-4h4c-xhw3", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T04:58:57", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory 
allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-18T19:55:13", "type": "osv", "title": "Denial of Service by Uncontrolled Resource Consumption", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921"], "modified": "2022-06-10T02:16:23", "id": "OSV:GHSA-F4W8-CV6P-X6R5", "href": "https://osv.dev/vulnerability/GHSA-f4w8-cv6p-x6r5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T05:04:40", "description": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": 
"2021-03-18T19:55:27", "type": "osv", "title": "Out-of-bounds Write", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654"], "modified": "2022-06-10T02:10:09", "id": "OSV:GHSA-VQCJ-WRF2-7V73", "href": "https://osv.dev/vulnerability/GHSA-vqcj-wrf2-7v73", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T01:19:28", "description": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-12T09:15:00", "type": "osv", "title": "PYSEC-2021-70", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654"], "modified": "2021-03-22T15:48:00", "id": "OSV:PYSEC-2021-70", "href": "https://osv.dev/vulnerability/PYSEC-2021-70", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-10T04:57:19", "description": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-29T16:35:36", "type": "osv", "title": "Out-of-bounds Write in Pillow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25290"], "modified": "2022-06-10T02:17:22", "id": "OSV:GHSA-8XJQ-8FCG-G5HW", "href": "https://osv.dev/vulnerability/GHSA-8xjq-8fcg-g5hw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T01:19:28", "description": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is a negative-offset memcpy with an invalid size.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "osv", "title": "PYSEC-2021-36", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25290"], "modified": "2021-03-22T14:11:00", "id": "OSV:PYSEC-2021-36", "href": "https://osv.dev/vulnerability/PYSEC-2021-36", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T04:57:22", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, 
"impactScore": 3.6}, "published": "2021-03-18T19:54:43", "type": "osv", "title": "Denial of Service by Uncontrolled Resource Consumption", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27923"], "modified": "2022-06-10T02:17:19", "id": "OSV:GHSA-95Q3-8GR9-GM8W", "href": "https://osv.dev/vulnerability/GHSA-95q3-8gr9-gm8w", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T01:19:23", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T09:15:00", "type": "osv", "title": "PYSEC-2021-42", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", 
"baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27923"], "modified": "2021-03-23T19:48:00", "id": "OSV:PYSEC-2021-42", "href": "https://osv.dev/vulnerability/PYSEC-2021-42", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T04:57:41", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-18T19:55:21", "type": "osv", "title": "Uncontrolled Resource Consumption", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27922"], "modified": "2022-06-10T02:17:06", "id": "OSV:GHSA-3WVG-MJ6G-M9CV", "href": "https://osv.dev/vulnerability/GHSA-3wvg-mj6g-m9cv", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": 
"2022-05-12T01:19:22", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T09:15:00", "type": "osv", "title": "PYSEC-2021-41", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27922"], "modified": "2021-03-23T19:49:00", "id": "OSV:PYSEC-2021-41", "href": "https://osv.dev/vulnerability/PYSEC-2021-41", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-06-08T11:10:05", "description": "A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n#### Mitigation\n\nDisable the invoice generation feature to mitigate this vulnerability in Red Hat Quay. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-03T17:04:09", "type": "redhatcve", "title": "CVE-2021-25289", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289"], "modified": "2022-06-08T08:40:52", "id": "RH:CVE-2021-25289", "href": "https://access.redhat.com/security/cve/cve-2021-25289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-08T11:10:05", "description": "A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c.\n#### Mitigation\n\nDisable the invoice generation feature to mitigate this vulnerability in Red Hat Quay. 
\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T17:39:56", "type": "redhatcve", "title": "CVE-2021-25291", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25291"], "modified": "2022-06-08T08:40:55", "id": "RH:CVE-2021-25291", "href": "https://access.redhat.com/security/cve/cve-2021-25291", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-08T11:10:05", "description": "A flaw was found in python-pillow. 
There is an Out of Bounds Read in SGIRleDecode.c.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T17:40:05", "type": "redhatcve", "title": "CVE-2021-25293", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25293"], "modified": "2022-06-08T08:40:56", "id": "RH:CVE-2021-25293", "href": "https://access.redhat.com/security/cve/cve-2021-25293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-08T11:10:05", "description": "A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.\n#### Mitigation\n\nDisable the invoice generation feature to mitigate this vulnerability in Red Hat Quay. 
\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-03T17:39:55", "type": "redhatcve", "title": "CVE-2021-25292", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25292"], "modified": "2022-06-08T08:40:56", "id": "RH:CVE-2021-25292", "href": "https://access.redhat.com/security/cve/cve-2021-25292", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-08T11:09:58", "description": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.\n#### Mitigation\n\nDisable the invoice generation feature to mitigate this vulnerability in Red Hat Quay. 
\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-04T19:39:50", "type": "redhatcve", "title": "CVE-2021-27921", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921"], "modified": "2022-06-08T08:43:52", "id": "RH:CVE-2021-27921", "href": "https://access.redhat.com/security/cve/cve-2021-27921", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-08T11:11:17", "description": "A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-12T16:20:23", "type": "redhatcve", "title": "CVE-2020-35654", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654"], "modified": "2022-06-08T08:05:18", "id": "RH:CVE-2020-35654", "href": "https://access.redhat.com/security/cve/cve-2020-35654", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-08T11:10:04", "description": "A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash.\n#### Mitigation\n\nDisable the invoice generation feature to mitigate this vulnerability in Red Hat Quay. 
\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T17:04:09", "type": "redhatcve", "title": "CVE-2021-25290", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25290"], "modified": "2022-06-08T08:40:54", "id": "RH:CVE-2021-25290", "href": "https://access.redhat.com/security/cve/cve-2021-25290", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-08T11:09:58", "description": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.\n#### Mitigation\n\nDisable the invoice generation feature to mitigate this vulnerability in Red Hat Quay. 
\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-04T20:09:56", "type": "redhatcve", "title": "CVE-2021-27923", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27923"], "modified": "2022-06-08T08:43:58", "id": "RH:CVE-2021-27923", "href": "https://access.redhat.com/security/cve/cve-2021-27923", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-08T11:09:58", "description": "A flaw was found in python-pillow. 
Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-04T20:09:56", "type": "redhatcve", "title": "CVE-2021-27922", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27922"], "modified": "2022-06-08T08:43:57", "id": "RH:CVE-2021-27922", "href": "https://access.redhat.com/security/cve/cve-2021-27922", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-06-10T18:10:41", "description": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. 
NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-19T04:15:00", "type": "debiancve", "title": "CVE-2021-25289", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654", "CVE-2021-25289"], "modified": "2021-03-19T04:15:00", "id": "DEBIANCVE:CVE-2021-25289", "href": "https://security-tracker.debian.org/tracker/CVE-2021-25289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-10T18:10:41", "description": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "debiancve", "title": "CVE-2021-25291", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25291"], "modified": "2021-03-19T04:15:00", "id": "DEBIANCVE:CVE-2021-25291", "href": "https://security-tracker.debian.org/tracker/CVE-2021-25291", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T18:10:41", "description": "An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "debiancve", "title": "CVE-2021-25293", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25293"], "modified": "2021-03-19T04:15:00", "id": "DEBIANCVE:CVE-2021-25293", "href": "https://security-tracker.debian.org/tracker/CVE-2021-25293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T18:10:41", "description": "An issue was discovered in Pillow before 8.1.1. 
The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "debiancve", "title": "CVE-2021-25292", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25292"], "modified": "2021-03-19T04:15:00", "id": "DEBIANCVE:CVE-2021-25292", "href": "https://security-tracker.debian.org/tracker/CVE-2021-25292", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T18:10:41", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T09:15:00", "type": "debiancve", "title": "CVE-2021-27921", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921"], "modified": "2021-03-03T09:15:00", "id": "DEBIANCVE:CVE-2021-27921", "href": "https://security-tracker.debian.org/tracker/CVE-2021-27921", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T18:10:41", "description": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-12T09:15:00", "type": "debiancve", "title": "CVE-2020-35654", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": 
"PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654"], "modified": "2021-01-12T09:15:00", "id": "DEBIANCVE:CVE-2020-35654", "href": "https://security-tracker.debian.org/tracker/CVE-2020-35654", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-10T18:10:41", "description": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-19T04:15:00", "type": "debiancve", "title": "CVE-2021-25290", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25290"], "modified": "2021-03-19T04:15:00", "id": "DEBIANCVE:CVE-2021-25290", "href": "https://security-tracker.debian.org/tracker/CVE-2021-25290", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T18:10:41", "description": "Pillow before 8.1.1 allows attackers to cause a denial of 
service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T09:15:00", "type": "debiancve", "title": "CVE-2021-27923", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27923"], "modified": "2021-03-03T09:15:00", "id": "DEBIANCVE:CVE-2021-27923", "href": "https://security-tracker.debian.org/tracker/CVE-2021-27923", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-10T18:10:41", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": 
"NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-03T09:15:00", "type": "debiancve", "title": "CVE-2021-27922", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27922"], "modified": "2021-03-03T09:15:00", "id": "DEBIANCVE:CVE-2021-27922", "href": "https://security-tracker.debian.org/tracker/CVE-2021-27922", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "almalinux": [{"lastseen": "2021-11-12T15:49:45", "description": "The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.\n\nSecurity Fix(es):\n\n* python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287)\n\n* python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25288)\n\n* python-pillow: Negative-offset memcpy in TIFF image reader (CVE-2021-25290)\n\n* python-pillow: Regular expression DoS in PDF format parser (CVE-2021-25292)\n\n* python-pillow: Out-of-bounds read in SGI RLE image reader (CVE-2021-25293)\n\n* python-pillow: Excessive memory allocation in BLP image reader (CVE-2021-27921)\n\n* python-pillow: Excessive memory allocation in ICNS image reader (CVE-2021-27922)\n\n* python-pillow: Excessive memory allocation in ICO image reader (CVE-2021-27923)\n\n* python-pillow: Excessive memory allocation in PSD image reader 
(CVE-2021-28675)\n\n* python-pillow: Infinite loop in FLI image reader (CVE-2021-28676)\n\n* python-pillow: Excessive CPU use in EPS image reader (CVE-2021-28677)\n\n* python-pillow: Excessive looping in BLP image reader (CVE-2021-28678)\n\n* python-pillow: Buffer overflow in image convert function (CVE-2021-34552)\n\n* python-pillow: Buffer over-read in PCX image reader (CVE-2020-35653)\n\n* python-pillow: Buffer over-read in SGI RLE image reader (CVE-2020-35655)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-09T08:24:34", "type": "almalinux", "title": "Moderate: python-pillow security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35655", "CVE-2021-25287", "CVE-2021-25288", "CVE-2021-25290", "CVE-2021-25292", 
"CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678", "CVE-2021-34552"], "modified": "2021-11-12T10:20:56", "id": "ALSA-2021:4149", "href": "https://errata.almalinux.org/8/ALSA-2021-4149.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-11-22T18:37:32", "description": "The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.\n\nSecurity Fix(es):\n\n* python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287)\n\n* python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25288)\n\n* python-pillow: Negative-offset memcpy in TIFF image reader (CVE-2021-25290)\n\n* python-pillow: Regular expression DoS in PDF format parser (CVE-2021-25292)\n\n* python-pillow: Out-of-bounds read in SGI RLE image reader (CVE-2021-25293)\n\n* python-pillow: Excessive memory allocation in BLP image reader (CVE-2021-27921)\n\n* python-pillow: Excessive memory allocation in ICNS image reader (CVE-2021-27922)\n\n* python-pillow: Excessive memory allocation in ICO image reader (CVE-2021-27923)\n\n* python-pillow: Excessive memory allocation in PSD image reader (CVE-2021-28675)\n\n* python-pillow: Infinite loop in FLI image reader (CVE-2021-28676)\n\n* python-pillow: Excessive CPU use in EPS image reader (CVE-2021-28677)\n\n* python-pillow: Excessive looping in BLP image reader (CVE-2021-28678)\n\n* python-pillow: Buffer overflow in image convert function (CVE-2021-34552)\n\n* python-pillow: Buffer over-read in PCX image reader (CVE-2020-35653)\n\n* python-pillow: Buffer over-read in SGI RLE image reader (CVE-2020-35655)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-09T08:24:34", "type": "redhat", "title": "(RHSA-2021:4149) Moderate: python-pillow security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35655", "CVE-2021-25287", "CVE-2021-25288", "CVE-2021-25290", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678", "CVE-2021-34552"], "modified": "2021-11-09T14:11:20", "id": "RHSA-2021:4149", "href": "https://access.redhat.com/errata/RHSA-2021:4149", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T18:37:26", "description": "Quay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficient fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c 
(CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)\n\n* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* 
nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allows an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2021-10-19T12:05:33", "type": "redhat", "title": "(RHSA-2021:3917) Important: Red Hat Quay v3.6.0 security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16137", "CVE-2017-16138", "CVE-2018-1107", "CVE-2018-1109", "CVE-2018-16492", "CVE-2018-21270", "CVE-2018-3721", "CVE-2018-3728", "CVE-2018-3774", "CVE-2019-1010266", "CVE-2019-20920", "CVE-2019-20922", "CVE-2020-15366", "CVE-2020-25648", "CVE-2020-26237", "CVE-2020-26291", "CVE-2020-35653", "CVE-2020-35654", "CVE-2020-7608", "CVE-2020-8203", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-23364", "CVE-2021-23368", "CVE-2021-23382", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27515", "CVE-2021-27516", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-34552", "CVE-2021-36222", "CVE-2021-37750"], "modified": "2021-10-19T12:05:55", "id": "RHSA-2021:3917", "href": "https://access.redhat.com/errata/RHSA-2021:3917", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:24:20", "description": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based\nbuffer overflow when decoding crafted YCbCr files because of certain\ninterpretation conflicts with LibTIFF in RGBA mode. 
NOTE: this issue exists\nbecause of an incomplete fix for CVE-2020-35654.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2021-25289", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25289"], "modified": "2021-03-03T00:00:00", "id": "UB:CVE-2021-25289", "href": "https://ubuntu.com/security/CVE-2021-25289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:24:21", "description": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is\nan out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2021-25291", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25291"], "modified": "2021-03-03T00:00:00", "id": "UB:CVE-2021-25291", "href": "https://ubuntu.com/security/CVE-2021-25291", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:24:20", "description": "An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds\nread in SGIRleDecode.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2021-25293", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25293"], "modified": "2021-03-03T00:00:00", "id": "UB:CVE-2021-25293", "href": "https://ubuntu.com/security/CVE-2021-25293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:24:20", "description": "An issue was discovered in Pillow before 8.1.1. 
The PDF parser allows a\nregular expression DoS (ReDoS) attack via a crafted PDF file because of a\ncatastrophic backtracking regex.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2021-25292", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25292"], "modified": "2021-03-03T00:00:00", "id": "UB:CVE-2021-25292", "href": "https://ubuntu.com/security/CVE-2021-25292", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:22:35", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory\nconsumption) because the reported size of a contained image is not properly\nchecked for a BLP container, and thus an attempted memory allocation can be\nvery large.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | while this is mentioned in the 8.1.1 release notes, it doesn't seem to be mentioned in the CHANGES file, and I can't seem to locate the commits that fix this in 8.1.1 vs 8.1.0 This was actually fixed in 8.1.2.\n", "cvss3": 
{"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2021-27921", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27921"], "modified": "2021-03-03T00:00:00", "id": "UB:CVE-2021-27921", "href": "https://ubuntu.com/security/CVE-2021-27921", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:23:38", "description": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when\ndecoding crafted YCbCr files because of certain interpretation conflicts\nwith LibTIFF in RGBA mode.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | per upstream, affects 6.0.0 to 8.0.1, and only when used with libtiff 4.1.0 in focal, not 4.0.9 in bionic\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-12T00:00:00", "type": "ubuntucve", "title": "CVE-2020-35654", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35654"], "modified": "2021-01-12T00:00:00", "id": "UB:CVE-2020-35654", "href": "https://ubuntu.com/security/CVE-2020-35654", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:22:36", "description": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is a\nnegative-offset memcpy with an invalid size.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2021-25290", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25290"], "modified": "2021-03-03T00:00:00", "id": "UB:CVE-2021-25290", "href": "https://ubuntu.com/security/CVE-2021-25290", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:22:36", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory\nconsumption) because the reported size of a contained image is not properly\nchecked for an ICO container, and thus an attempted memory allocation can\nbe very large.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | while this is mentioned in the 8.1.1 release notes, it doesn't seem to be mentioned in the CHANGES file, and I can't seem to locate the commits that fix this in 8.1.1 vs 8.1.0 This was actually fixed in 8.1.2.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2021-27923", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27923"], "modified": "2021-03-03T00:00:00", "id": "UB:CVE-2021-27923", "href": "https://ubuntu.com/security/CVE-2021-27923", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:22:36", "description": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory\nconsumption) because the reported size of a contained image is not properly\nchecked for an ICNS container, and thus an attempted memory allocation can\nbe very large.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | while this is mentioned in the 8.1.1 release notes, it doesn't seem to be mentioned in the CHANGES file, and I can't seem to locate the commits that fix this in 8.1.1 vs 8.1.0 This was actually fixed in 8.1.2.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", 
"baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-03T00:00:00", "type": "ubuntucve", "title": "CVE-2021-27922", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27922"], "modified": "2021-03-03T00:00:00", "id": "UB:CVE-2021-27922", "href": "https://ubuntu.com/security/CVE-2021-27922", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:56", "description": "Arch Linux Security Advisory ASA-202101-11\n==========================================\n\nSeverity: Medium\nDate : 2021-01-12\nCVE-ID : CVE-2020-35653 CVE-2020-35654 CVE-2020-35655\nPackage : python-pillow\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-1438\n\nSummary\n=======\n\nThe package python-pillow before version 8.1.0-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure and denial of service.\n\nResolution\n==========\n\nUpgrade to 8.1.0-1.\n\n# pacman -Syu \"python-pillow>=8.1.0-1\"\n\nThe problems have been fixed upstream in version 8.1.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-35653 (information disclosure)\n\nIn python-pillow before 8.1.0, PcxDecode has a buffer over-read when\ndecoding a crafted PCX file because the user-supplied stride value is\ntrusted for buffer calculations.\n\n- CVE-2020-35654 
(arbitrary code execution)\n\nIn python-pillow before 8.1.0, TiffDecode has a heap-based buffer\noverflow when decoding crafted YCbCr files because of certain\ninterpretation conflicts with LibTIFF in RGBA mode.\n\n- CVE-2020-35655 (denial of service)\n\nIn python-pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-\nread when decoding crafted SGI RLE image files because offsets and\nlength tables are mishandled.\n\nImpact\n======\n\nA local malicious user might craft a malformed file to execute\narbitrary code, read from memory or crash the application.\n\nReferences\n==========\n\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security\nhttps://github.com/python-pillow/Pillow/pull/5174\nhttps://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf\nhttps://github.com/python-pillow/Pillow/pull/5175\nhttps://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c\nhttps://github.com/python-pillow/Pillow/commit/45a62e91b1f72e79989a7919af97b062dc8dfaf4\nhttps://github.com/python-pillow/Pillow/pull/5173\nhttps://github.com/python-pillow/Pillow/commit/7e95c63fa7f503f185d3d9eb16b9cee1e54d1e46\nhttps://github.com/python-pillow/Pillow/commit/9a2c9f722f78773e608d44710873437baf3f17d1\nhttps://security.archlinux.org/CVE-2020-35653\nhttps://security.archlinux.org/CVE-2020-35654\nhttps://security.archlinux.org/CVE-2020-35655", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-12T00:00:00", "type": "archlinux", "title": "[ASA-202101-11] python-pillow: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2020-35654", "CVE-2020-35655"], "modified": "2021-01-12T00:00:00", "id": "ASA-202101-11", "href": "https://security.archlinux.org/ASA-202101-11", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-03-26T18:47:40", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2716-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Neil Williams\nJuly 22, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : pillow\nVersion : 4.0.0-4+deb9u3\nCVE ID : CVE-2020-35653 CVE-2021-25290 CVE-2021-28676 CVE-2021-28677\n CVE-2021-34552\nDebian Bug : #991293, #989062\n\nSeveral vulnerabilities have been discovered in pillow (Python Imaging\nLibrary - PIL).\n\nAffected binary packages:\n\n python-imaging\n python-pil-dbg\n python-pil-doc\n python-pil.imagetk-dbg\n python-pil.imagetk\n python-pil\n python3-pil-dbg\n python3-pil.imagetk-dbg\n python3-pil.imagetk\n python3-pil\n\nCVE-2020-35653\n\n Pillow through 8.2.0 and PIL (aka Python Imaging Library) through\n 1.1.7 allow an attacker to pass controlled parameters directly into\n a convert function to trigger a buffer overflow in Convert.c.\n\nCVE-2021-25290\n\n An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c,\n there is a negative-offset memcpy with an invalid size.\n\nCVE-2021-28676\n\n An issue was discovered in Pillow before 8.2.0. For FLI data,\n FliDecode did not properly check that the block advance was\n non-zero, potentially leading to an infinite loop on load.\n\nCVE-2021-28677\n\n An issue was discovered in Pillow before 8.2.0. For EPS data, the\n readline implementation used in EPSImageFile has to deal with any\n combination of \\r and \\n as line endings. It used an accidentally\n quadratic method of accumulating lines while looking for a line\n ending. A malicious EPS file could use this to perform a DoS of\n Pillow in the open phase, before an image was accepted for opening.\n\nCVE-2021-34552\n\n Pillow through 8.2.0 and PIL (aka Python Imaging Library) through\n 1.1.7 allow an attacker to pass controlled parameters directly into\n a convert function to trigger a buffer overflow in Convert.c.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.0.0-4+deb9u3.\n\nWe recommend that you upgrade your pillow packages.\n\nFor the detailed security status of pillow please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pillow\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\npgpCeJaCgJQck.pgp\nDescription: OpenPGP digital signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-22T11:17:53", "type": "debian", "title": "[SECURITY] [DLA 2716-1] pillow security 
update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35653", "CVE-2021-25290", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-34552"], "modified": "2021-07-22T11:17:53", "id": "DEBIAN:DLA-2716-1:B7285", "href": "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kitploit": [{"lastseen": "2022-04-07T12:01:49", "description": "[](<https://1.bp.blogspot.com/-UjWm8eord38/YO93rWcho5I/AAAAAAAAjQ0/Xwl7ZZuO-SUdvH7ODpTuRdsNolgYLWpowCNcBGAsYHQ/s500/regexploit_1.png>)\n\n \n\n\nFind regexes which are [vulnerable](<https://www.kitploit.com/search/label/Vulnerable> \"vulnerable\" ) to [Regular Expression](<https://www.kitploit.com/search/label/Regular%20Expression> \"Regular Expression\" ) [Denial of Service](<https://www.kitploit.com/search/label/Denial%20of%20Service> \"Denial of Service\" ) (ReDoS).\n\n**More info on [the Doyensec blog](<https://blog.doyensec.com/2021/03/11/regexploit.html> \"the Doyensec blog\" )**\n\nMany default regular expression parsers have unbounded worst-case complexity. Regex matching may be quick when presented with a matching input string. However, certain non-matching input strings can make the regular expression matcher go into crazy backtracking loops and take ages to process. 
This can cause denial of service, as the CPU will be stuck trying to match the regex.\n\nThis tool is designed to:\n\n * find [regular expressions](<https://www.kitploit.com/search/label/Regular%20Expressions> \"regular expressions\" ) which are vulnerable to ReDoS\n * give an example malicious string which will cause catastrophic backtracking\n\n \n\n\n**Worst-case complexity** \n\n\nThis reflects the complexity of the regular expression matcher's backtracking procedure with respect to the length of the entered string.\n\nCubic complexity here means that if the vulnerable part of the string is doubled in length, the execution time should be about 8 times longer (2^3). For exponential ReDoS with starred stars e.g. `(a*)*$` a fudge factor is used and the complexity will be greater than 10.\n\nFor exploitability, cubic complexity or higher is typically required unless truly giant strings are allowed as input.\n\n \n**Example** \n\n\nRun `regexploit` and enter the regular expression `v\\w*_\\w*_\\w*$` at the command line.\n \n \n $ regexploit \n v\\w*_\\w*_\\w*$ \n Pattern: v\\w*_\\w*_\\w*$ \n --- \n Worst-case complexity: 3 \u2b50\u2b50\u2b50 (cubic) \n Repeated character: [5f:_] \n Final character to cause backtracking: [^WORD] \n Example: 'v' + '_' * 3456 + '!' \n \n\nThe part `\\w*_\\w*_\\w*` contains three overlapping repeating groups (\\w matches letters, digits _and underscores_). As shown in the line `Repeated character: [5f:_]`, a long string of `_` (0x5f) will match this section in many different ways. The worst-case complexity is 3 as there are 3 infinitely repeating groups. An example to cause ReDoS is given: it consists of the required prefix `v`, a long string of `_` and then a `!` (non-word character) to cause backtracking. Not all ReDoSes require a particular character at the end, but in this case, a long string of `_` will match the regex successfully and won't backtrack. 
The line `Final character to cause backtracking: [^WORD]` shows that a non-matching character (not a word character) is required at the end to prevent matching and cause ReDoS.\n\nAs another example, install a module version vulnerable to ReDoS such as `pip install ua-parser==0.9.0`. To scan the installed python modules run `regexploit-python-env`.\n \n \n Importing ua_parser.user_agent_parser \n Vulnerable regex in /somewhere/.env/lib/python3.9/site-packages/ua_parser/user_agent_parser.py #183 \n Pattern: \\bSmartWatch *\\( *([^;]+) *; *([^;]+) *; \n Context: self.user_agent_re = re.compile(self.pattern) \n --- \n Worst-case complexity: 3 \u2b50\u2b50\u2b50 \n Repeated character: [20] \n Example: 'SmartWatch(' + ' ' * 3456 \n \n Worst-case complexity: 3 \u2b50\u2b50\u2b50 \n Repeated character: [20] \n Example: 'SmartWatch(0;' + ' ' * 3456 \n \n Vulnerable regex in /somewhere/.env/lib/python3.9/site-packages/ua_parser/user_agent_parser.py #183 \n Pattern: ; *([^;/]+) Build[/ ]Huawei(MT1-U06|[A-Z]+\\d+[^\\);]+)[^\\);]*\\) \n Context: self.user_agent_re = re.compile(self.pattern) \n --- \n Worst-case complexity: 3 \u2b50\u2b50\u2b50 \n Repeated character: [[0-9]] \n Example: ';0 Build/HuaweiA' + '0' * 3456 \n ... \n \n\nFor each vulnerable regular expression it prints one or more malicious strings to trigger ReDoS. Setting your user agent to `;0 Build/HuaweiA000000000000000...` and browsing a website using an old version of ua-parser may cause the server to take a long time to process your request, probably ending in status 502.\n\n \n**Installation** \n\n\nPython 3.8+ is required. 
To extract regexes from JavaScript / TypeScript code, NodeJS 12+ is also required.\n\nOptionally make a virtual environment\n \n \n python3 -m venv .env \n source .env/bin/activate\n\nNow actually install with pip\n \n \n pip install regexploit \n \n\n \n**Usage** \n \n**Regexploit with a list of regexes** \n\n\nEnter regular expressions via stdin (one per line) into `regexploit`.\n \n \n regexploit\n\nor via a file\n \n \n cat myregexes.txt | regexploit\n\n \n**Extract regexes automatically** \n\n\nThere is built-in support for parsing regexes out of Python, JavaScript, TypeScript, C#, YAML and JSON.\n\n \n**Python code** \n\n\nParses Python code (without executing it) via the AST to find regexes. The regexes are then analysed for ReDoS.\n \n \n regexploit-py my-project/ \n regexploit-py \"my-project/**/*.py\" --glob\n\n \n**Javascript / Typescript** \n\n\nThis will use the bundled NodeJS package in `regexploit/bin/javascript` which parses your JavaScript as an AST with [eslint](<https://github.com/typescript-eslint/typescript-eslint/tree/master/packages/parser> \"eslint\" ) and prints out all regexes.\n\nThose regexes are fed into the python ReDoS finder.\n \n \n regexploit-js my-module/my-file.js another/file.js some/folder/ \n regexploit-js \"my-project/node_modules/**/*.js\" --glob\n\nN.B. there are differences between javascript and python regex parsing so there may be some errors. I'm [not sure I want](<https://hackernoon.com/the-madness-of-parsing-real-world-javascript-regexps-d9ee336df983> \"not sure I want\" ) to write a JS regex AST!\n\n \n**Python imports** \n\n\nSearch for regexes in all the python modules currently installed in your path / env. This means you can `pip install` whatever modules you are interested in and they will be analysed. Cpython code is included.\n \n \n regexploit-python-env\n\nN.B. this doesn't parse the python code to an AST and will only find regexes compiled automatically on module import. 
Modules are actually imported, **so code in the modules will be executed**. Because import-time code runs with the scanning user's privileges, use this mode only inside a disposable virtual environment or container when the installed packages are not fully trusted. This is helpful for finding regexes which are built up from smaller strings on load e.g. [CVE-2021-25292 in Pillow](<https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c> \"CVE-2021-25292 in Pillow\" )\n\n \n**JSON / YAML** \n\n\nYaml support requires pyyaml, which can be installed with `pip install regexploit[yaml]`.\n \n \n regexploit-json *.json \n regexploit-yaml *.yaml\n\n \n**C# (.NET)** \n\n \n \n regexploit-csharp something.cs\n\n \n**Bugs reported** \n\n\n * [CVE-2020-5243: uap-core](<https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p> \"CVE-2020-5243: uap-core\" ) affecting uap-python, [uap-ruby](<https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw> \"uap-ruby\" ), etc. (User-Agent header parsing)\n * [CVE-2020-8492: cpython's urllib.request](<https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4> \"CVE-2020-8492: cpython's urllib.request\" ) (WWW-Authenticate header parsing)\n * [CVE-2021-21236: CairoSVG](<https://github.com/advisories/GHSA-hq37-853p-g5cf> \"CVE-2021-21236: CairoSVG\" ) (SVG parsing)\n * [CVE-2021-21240: httplib2](<https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m> \"CVE-2021-21240: httplib2\" ) (WWW-Authenticate header parsing)\n * [CVE-2021-25292: python-pillow](<https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c> \"CVE-2021-25292: python-pillow\" ) (PDF parsing)\n * [CVE-2021-26813: python-markdown2](<https://github.com/trentm/python-markdown2/pull/387> \"CVE-2021-26813: python-markdown2\" ) (Markdown parsing)\n * [CVE-2021-27290: npm/ssri](<https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf> \"CVE-2021-27290: npm/ssri\" ) (SRI parsing)\n * [CVE-2021-27291: pygments](<https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14> 
\"CVE-2021-27291: pygments\" ) lexers for ADL, CADL, Ceylon, Evoque, Factor, Logos, Matlab, Octave, ODIN, Scilab & Varnish VCL (Syntax highlighting)\n * [CVE-2021-27292: ua-parser-js](<https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566> \"CVE-2021-27292: ua-parser-js\" ) (User-Agent header parsing)\n * [CVE-2021-27293: RestSharp](<https://github.com/restsharp/RestSharp/issues/1556> \"CVE-2021-27293: RestSharp\" ) (JSON deserialisation in a .NET C# package)\n * [bpo-38804: cpython's http.cookiejar](<https://github.com/python/cpython/pull/17157> \"bpo-38804: cpython's http.cookiejar\" ) (Set-Cookie header parsing)\n * [SimpleCrawler (archived)](<https://doyensec.com/resources/Doyensec_Advisory_simplecrawler_redos.pdf> \"SimpleCrawler \\(archived\\)\" ) (HTML parsing)\n * [CVE-2021-28092: is-svg](<https://github.com/sindresorhus/is-svg/commit/01f8a087fab8a69c3ac9085fbb16035907ab6a5b> \"CVE-2021-28092: is-svg\" ) (SVG parsing)\n * [nuget.org, NuGetGallery](<https://github.com/NuGet/NuGetGallery/commit/25d2d3b32b2d9f0b1ca6e0a105b0210c2c4820f4> \"nuget.org, NuGetGallery\" ) and [NuGet.Client](<https://github.com/NuGet/NuGet.Client/commit/a0671e946ce71dc59def5cc8a67c6457d66f33bf> \"NuGet.Client\" ) (Parsing NuGet package IDs)\n * [markdown (python)](<https://github.com/Python-Markdown/markdown/pull/1130> \"markdown \\(python\\)\" ) (Markdown parsing)\n * [ansi-html (nodejs)](<https://github.com/Tjatse/ansi-html/issues/19> \"ansi-html \\(nodejs\\)\" ) (ANSI parsing)\n * Plus unpublished bugs in a handful of pypi, npm, ruby and nuget packages\n \n**Credits** \n\n\nThis tool has been created by Ben Caller of [Doyensec LLC](<https://www.doyensec.com> \"Doyensec LLC\" ) during research time.\n\n[](<https://camo.githubusercontent.com/604dfb1a1bfac98d0048f363e0e6d65bd88b4fdbd57f5b001a8f76ea580c1097/68747470733a2f2f646f79656e7365632e636f6d2f696d616765732f6c6f676f2e737667> \"Find regular expressions which are vulnerable to ReDoS \\(Regular 
Expression Denial of Service\\) \\(29\\)\" )\n\n \n \n\n\n**[Download Regexploit](<https://github.com/doyensec/regexploit> \"Download Regexploit\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-20T12:30:00", "type": "kitploit", "title": "Regexploit - Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5243", "CVE-2020-8492", "CVE-2021-21236", "CVE-2021-21240", "CVE-2021-25292", "CVE-2021-26813", "CVE-2021-27290", "CVE-2021-27291", "CVE-2021-27292", "CVE-2021-27293", "CVE-2021-28092"], "modified": "2021-07-20T12:30:00", "id": "KITPLOIT:3974184594574360239", "href": "http://www.kitploit.com/2021/07/regexploit-find-regular-expressions.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}]}