30 matches found
Astra Linux - vulnerability in pillow
An issue was discovered in Pillow before version 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop during loading...
BIT-PILLOW-2021-28676
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...
SUSE CVE-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...
EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2023-1288)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb...
Amazon Linux 2 : python-pillow, --advisory ALAS2-2022-1786 (ALAS-2022-1786)
The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1786 advisory. A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image path...
AlmaLinux 8 : python-pillow (ALSA-2021:4149)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4149 advisory. - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer...
The vulnerability of the FliDecode component in the Pillow image processing library, related to the execution of a loop with an unreachable exit condition, allows a hacker to cause a service failure.
The vulnerability of the FliDecode component in the Pillow image processing library is related to an improper check, which results in a non-zero value being promoted as zero for the FLI data. Exploiting this vulnerability could allow a remote attacker to cause service failures...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2432)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-2345)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative t...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2345)
The remote host is missing an update for the Huawei EulerOS...
The vulnerability in the FliDecode.c function from the Pillow image processing library involves reading data beyond the allowed buffer limits. This allows an attacker to access confidential information or cause service failures.
The vulnerability in the function from the libImaging/FliDecode.c library, which is used for working with images in Pillow, involves reading data beyond the acceptable buffer limits. Exploiting this vulnerability could allow an attacker to access confidential information or cause service failures...
GHSA-7R7M-5H27-29HP Potential infinite loop in Pillow
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...
Potential infinite loop in Pillow
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...
Pillow Denial of Service Vulnerability (CNVD-2021-54032)
Pillow is a Python-based image processing library. A denial of service vulnerability exists in versions prior to Pillow 8.2.0, which stems from the fact that for FLI data, FliDecode does not properly check whether the block advance is non-zero, and an attacker can exploit this vulnerability to...
PYSEC-2021-92
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...
CVE-2021-28676
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...
EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2021-1840)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290) - I...
Denial Of Service (DoS) Via Infinite Loop
pillow is vulnerable to denial of service attacks. Lack of necessary checks in FliDecode allows the value of advance to remain zero, triggering an infinite loop...
Pillow security vulnerability
Pillow is a Python-based image processing library. A denial of service vulnerability exists in versions prior to Pillow 8.2.0, which stems from the fact that for FLI data, FliDecode does not properly check whether the block advance is non-zero, and an attacker can exploit this vulnerability to...
EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2021-1353)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is truste...