190 matches found
SUSE-SU-2021:14692-1 Security update for clamav
This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. bsc1184532 - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. bsc1184533 - CVE-2021-1405: Fix for mail parser NULL-dereference crash. bsc1184534 - Fix errors when scannin...
SUSE SLES12 Security Update : clamav (SUSE-SU-2021:1174-1)
This update for clamav fixes the following issues: CVE-2021-1252: Fix for Excel XLM parser infinite loop. bsc1184532 CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. bsc1184533 CVE-2021-1405: Fix for mail parser NULL-dereference crash. bsc1184534 Fix errors when scanning files...
SUSE-SU-2021:1174-1 Security update for clamav
This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. bsc1184532 - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. bsc1184533 - CVE-2021-1405: Fix for mail parser NULL-dereference crash. bsc1184534 - Fix errors when scannin...
CVE-2021-1405 Clam AntiVirus (ClamAV) PDF Parser Denial of Service Vulnerability
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may...
Regular Expression Denial of Service (ReDoS) in Pillow
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...
CVE-2021-25292
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...
DEBIAN-CVE-2021-25292
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...
Design/Logic Flaw
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...
CVE-2021-25292
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...
CVE-2021-25292
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...
CVE-2021-25292
Pillow (Python Imaging Library fork) prior to 8.1.1 is affected by a vulnerability in its PDF format parser that allows a regular expression DoS (ReDoS) via a crafted PDF file due to a catastrophic backtracking regex. This can impact availability as indicated by the CVSS vector in the CVE entry, ...
Fedora 32 : python-pillow / python2-pillow (2021-0ece308612)
The remote Fedora 32 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-0ece308612 advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...
Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)
The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-15845d3abe advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...
CVE-2021-25292
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...
CVE-2021-252892
The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack...
Nitro Software Nitro Pro Resource Management Error Vulnerability
Nitro Software Nitro Pro is a PDF document editor from the U.S. company Nitro Software. The software supports PDF document editing, PDF document formatting, encryption of PDF documents and other functions. The PDF parser in Nitro Software Nitro Pro version 13.9.1.155 has a resource management err...
CVE-2020-6092
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, the victim must open a malicious file...
CVE-2020-6074
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
Remote code execution
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-6092
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, the victim must open a malicious file...