19 matches found
SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2024:1673-2)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1673-2 advisory. - Fixed ImagePath.Path array handling bsc1194552, CVE-2022-22815, bsc1194551, CVE-2022-22816 - Use snprintf instead of sprintf bsc1188574,...
openSUSE Security Advisory (SUSE-SU-2024:1673-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
BIT-PILLOW-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
Out of bounds write in Pillow
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
Denial Of Service (DoS)
pillow is vulnerable to denial of service DoS. The vulnerability exists through a heap-based buffer overflow during the decoding of a malicious YCbCr file in RGBA mode. This CVE is due to an incomplete fix for CVE-2020-35654...
ALPINE-CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
Fedora 32 : python-pillow / python2-pillow (2021-0ece308612)
The remote Fedora 32 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-0ece308612 advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...
Fedora: Security Advisory for mingw-python-pillow (FEDORA-2021-15845d3abe)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)
The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-15845d3abe advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...
CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
UBUNTU-CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
Fedora 33 : mingw-python-pillow / python-pillow (2021-a8ddc1ce70)
The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-a8ddc1ce70 advisory. - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for...
Fedora: Security Advisory for mingw-python-pillow (FEDORA-2021-a8ddc1ce70)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
USN-4697-1: Pillow vulnerabilities
It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. CVE-2020-35653 It was discovered that Pillow...
UBUNTU-CVE-2020-35654
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...
CVE-2020-35654
Pillow CVE-2020-35654 affects TiffDecode: heap-based buffer overflow when decoding crafted YCbCr files due to interpretation conflicts with LibTIFF in RGBA mode. Affected versions are Pillow before 8.1.0 (and related notes indicate an incomplete fix extending to 8.1.1 per downstream advisories). ...
[ASA-202101-11] python-pillow: multiple issues
Arch Linux Security Advisory ASA-202101-11 ========================================== Severity: Medium Date : 2021-01-12 CVE-ID : CVE-2020-35653 CVE-2020-35654 CVE-2020-35655 Package : python-pillow Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1438 Summary =======...
GLSA-202101-08 : Pillow: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202101-08 Pillow: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...