
750 matches found

OSV
added 2023/12/01 1:36 p.m., 6 views

SUSE-SU-2023:4630-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894)...

CVSS 7.5, AI score 7.5, EPSS 0.00236
Exploits 0, References 3

Tenable Nessus
added 2023/11/24 12:00 a.m., 25 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Pillow (SUSE-SU-2023:4528-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4528-1 advisory. - An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocate...

CVSS 7.5, AI score 6.7, EPSS 0.00236
Exploits 0, References 4

OSV
added 2023/11/22 1:40 p.m., 4 views

SUSE-SU-2023:4528-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894)...

CVSS 7.5, AI score 7.5, EPSS 0.00236
Exploits 0, References 3

Tenable Nessus
added 2023/11/17 12:00 a.m., 23 views

openSUSE 15 Security Update : python-Pillow (SUSE-SU-2023:4465-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4465-1 advisory. - An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causin...

CVSS 7.5, AI score 6.7, EPSS 0.00236
Exploits 0, References 4

OSV
added 2023/11/16 4:56 p.m., 7 views

SUSE-SU-2023:4465-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894)...

CVSS 7.5, AI score 7.5, EPSS 0.00236
Exploits 0, References 3

OpenVAS
added 2023/11/12 12:00 a.m., 17 views

Fedora: Security Advisory for python-pillow (FEDORA-2023-1a120657f9)

The remote host is missing an update for the...

CVSS 7.5, AI score 7.7, EPSS 0.00236
Exploits 0, References 2

Tenable Nessus
added 2023/11/11 12:00 a.m., 28 views

Fedora 38 : python-pillow (2023-1a120657f9)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1a120657f9 advisory. Update to 9.5.0, backport fix for CVE-2023-44271. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 7.5, AI score 6.7, EPSS 0.00236
Exploits 0, References 2

Tenable Nessus
added 2023/11/06 12:00 a.m., 30 views

Rocky Linux 8 : python-pillow (RLSA-2022:0643)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0643 advisory. - path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. (CVE-2022-22815) - path_getbbox in path.c in Pillow before 9.0.0 has ...

CVSS 9.8, AI score 7.4, EPSS 0.02781
Exploits 0, References 6

Tenable Nessus
added 2023/11/06 12:00 a.m., 23 views

Rocky Linux 8 : python-pillow (RLSA-2020:3185)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:3185 advisory. - In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than...

CVSS 9.8, AI score 6.9, EPSS 0.01146
Exploits 0, References 5

Tenable Nessus
added 2023/10/05 12:00 a.m., 94 views

Amazon Linux 2 : python-pillow (ALAS-2023-2286)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2286 advisory. The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load...

CVSS 10, AI score 8.3, EPSS 0.03547
Exploits 2, References 8

Amazon
added 2023/10/05 12:00 a.m., 23 views

Important: python-pillow

Issue Overview: The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which...

CVSS 10, AI score 9, EPSS 0.03547
Exploits 2

Tenable Nessus
added 2023/07/20 12:00 a.m., 19 views

Amazon Linux 2 : python-pillow (ALAS-2023-2118)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2118 advisory. The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the...

CVSS 7.5, AI score 7, EPSS 0.00226
Exploits 1, References 4

Amazon
added 2023/07/19 12:00 a.m., 35 views

Important: python-pillow

Issue Overview: The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. (CVE-2021-23437) Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...

CVSS 7.5, AI score 7.3, EPSS 0.00226
Exploits 1

Tenable Nessus
added 2023/07/01 12:00 a.m., 34 views

Amazon Linux 2 : python-pillow (ALAS-2023-2105)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2105 advisory. An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number o...

CVSS 5.5, AI score 6, EPSS 0.00144
Exploits 0, References 4

Amazon
added 2023/06/27 12:00 a.m., 44 views

Medium: python-pillow

Issue Overview: An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. CVE-2021-28675 Affected Packages: python-pillow Note:...

CVSS 5.5, AI score 5.7, EPSS 0.00144
Exploits 0

Tenable Nessus
added 2023/06/13 12:00 a.m., 24 views

EulerOS Virtualization 3.0.6.0 : python-pillow (EulerOS-SA-2023-2245)

According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). (CVE-2022-45198) Note that...

CVSS 7.5, AI score 6.7, EPSS 0.00334
Exploits 0, References 2

Tenable Nessus
added 2023/06/13 12:00 a.m., 58 views

Amazon Linux 2 : python-pillow (ALAS-2023-2087)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2087 advisory. An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invali...

CVSS 7.5, AI score 7.1, EPSS 0.00261
Exploits 0, References 4

OpenVAS
added 2023/06/12 12:00 a.m., 20 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2023-2245)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5, AI score 7.7, EPSS 0.00334
Exploits 0, References 2

Tenable Nessus
added 2023/06/08 12:00 a.m., 28 views

Amazon Linux 2 : python-pillow (ALAS-2023-2083)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2083 advisory. Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in ...

CVSS 9.8, AI score 8, EPSS 0.01034
Exploits 1, References 14

Tenable Nessus
added 2023/06/07 12:00 a.m., 17 views

EulerOS Virtualization 2.11.0 : python-pillow (EulerOS-SA-2023-2101)

According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). (CVE-2022-45198) - Pillow...

CVSS 7.5, AI score 6.9, EPSS 0.00334
Exploits 0, References 3