89 matches found
[SECURITY] Fedora 39 Update: python-pillow-10.3.0-1.fc39
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developmen...
[SECURITY] [DLA 3768-1] pillow security update
Debian LTS Advisory DLA-3768-1, https://www.debian.org/lts/security/, Sean Whitton, March 22, 2024, https://wiki.debian.org/LTS. Package: pillow. Version: 5.4.1-2+deb10u5. CVE ID: CVE-2021-23437, CVE-2022-22817, CVE-2023-44271. Multiple vulnerabilities were discovered in the...
UBUNTU-CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
SUSE CVE-2014-1932
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allows local users...
SUSE CVE-2014-1933
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes...
SUSE CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size...
SUSE CVE-2016-2533
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file...
SUSE CVE-2021-34552
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...
GHSA-CFMR-38G9-F2H7 Pillow denial of service via Crafted Block Size
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size...
Pillow denial of service via Crafted Block Size
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size...
Mageia: Security Advisory (MGASA-2014-0159)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Improper Initialization in Pillow
Pillow is the friendly PIL (Python Imaging Library) fork. path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...
GHSA-PW3C-H7WP-CVHX Improper Initialization in Pillow
Pillow is the friendly PIL (Python Imaging Library) fork. path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...
[SECURITY] [DLA 2716-1] pillow security update
Debian LTS Advisory DLA-2716-1, https://www.debian.org/lts/security/, Neil Williams, July 22, 2021, https://wiki.debian.org/LTS. Package: pillow. Version: 4.0.0-4+deb9u3. CVE ID: CVE-2020-35653, CVE-2021-25290, CVE-2021-28676, CVE-2021-28677, CVE-2021-34552. Debian Bug: 991293...
Pillow: Multiple vulnerabilities
Background: Python Imaging Library fork. Description: Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround at this time...
ALPINE-CVE-2021-34552
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...
DEBIAN-CVE-2021-34552
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...
CVE-2021-34552
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...
UBUNTU-CVE-2021-34552
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...
Buffer overflow
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...