Pillow has a heap buffer overflow with nested list coordinates

Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to...

Astra Linux – Vulnerability in pillow

The pathgetbbox function in path.c of Pillow, prior to version 9.0.0, improperly initializes ImagePath.Path...

Astra Linux – Vulnerability in pillow

In the path.c file of Pillow, before version 9.0.0, there was an issue where the pathgetbbox function had a buffer over-reading during the initialization of ImagePath.Path...

EUVD-2000-1113

Malware in sbrugna...

EUVD-2009-0836

Malware in sbrugna...

CVE-2025-8070

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges,...

CVE-2025-8070

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges,...

CVE-2025-8070

The CVE-2025-8070 issue affects ABP (≤ 2.0.7.6130) and AES (≤ 1.0.6.6133). It is caused by an unquoted ImagePath registry value in the Windows service configuration, enabling a local attacker to place a malicious executable in a path with spaces (e.g., C:\Program.exe) and execute it. If the servi...

CVE-2025-8070 Windows service registered with an unquoted ImagePath vulnerability in the system registry

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges,...

CVE-2025-8070 Windows service registered with an unquoted ImagePath vulnerability in the system registry

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges,...

PT-2025-30547 · Abp +1 · Abp +1

Name of the Vulnerable Software and Affected Versions: ABP versions prior to 2.0.7.6130 AES versions prior to 1.0.6.6133 Description: The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary cod...

ASUSTOR Backup Plan 安全漏洞

ASUSTOR Backup Plan ABP is a Windows backup tool from Hua Yun Technology ASUSTOR Inc. of Taipei, China. A security vulnerability exists in ASUSTOR Backup Plan version 2.0.7.6130 and earlier and AES version 1.0.6.6133 and earlier, which stems from an unquoted ImagePath registry value that could le...

Grafana Alloy unquoted service path

On a windows machine, the Grafana Alloy service prior to 1.3.3 is vulnerable to a privilege escalation from local user to SYSTEM due to an unquoted service path. It is recommended that you remove the Grafana Alloy installation and do a clean install. An update will not resolve the issue. An...

SUSE-SU-2024:1673-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - Fixed ImagePath.Path array handling bsc1194552, CVE-2022-22815, bsc1194551, CVE-2022-22816 - Use snprintf instead of sprintf bsc1188574, CVE-2021-34552 - Fix Memory DOS in Icns, Ico and Blp Image Plugins. bsc1183110, CVE-2021-27921,...

BIT-PILLOW-2022-22816

pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

SUSE CVE-2022-22815

pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

SUSE CVE-2022-22816

pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

Duplicate Advisory: KubeVirt arbitrary host file read from the VM

Duplicate Advisory This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references. Original Description Summary As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path travers...

PT-2022-14121 · Kubevirt +1 · Kubevirt +1

Name of the Vulnerable Software and Affected Versions: KubeVirt versions up to 0.56 KubeVirt version 0.55.1 Description: A path traversal vulnerability in KubeVirt allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are...

EulerOS 2.0 SP10 : python-pillow (EulerOS-SA-2022-1495)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - pathgetbbox in path.c in Pillow befor...