18 matches found
CVE-2026-27809
psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data e.g. a literal run that extends past the expected row size, decoderle raises ValueError which propagated all the way to the user, crashin...
PT-2026-22058
Name of the Vulnerable Software and Affected Versions psd-tools versions prior to 1.12.2 Description psd-tools, a Python package for working with Adobe Photoshop PSD files, contains multiple issues. A lack of a length cap on zlib.decompress can lead to denial-of-service or out-of-memory crashes...
EUVD-2024-0031
Malicious code in bioql PyPI...
SUSE-SU-2024:1673-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - Fixed ImagePath.Path array handling bsc1194552, CVE-2022-22815, bsc1194551, CVE-2022-22816 - Use snprintf instead of sprintf bsc1188574, CVE-2021-34552 - Fix Memory DOS in Icns, Ico and Blp Image Plugins. bsc1183110, CVE-2021-27921,...
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
If pkcs12.serializekeyandcertificates is called with both: 1. A certificate whose public key did not match the provided private key 2. An encryptionalgorithm with hmachash set via PrivateFormat.PKCS12.encryptionbuilder.hmachash... Then a NULL pointer dereference would occur, crashing the Python...
PYSEC-2024-225
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
PYSEC-2024-225
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
CVE-2024-26130
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
Null pointer dereference
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
CVE-2024-26130
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
CVE-2024-26130 cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
CVE-2024-26130
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
CVE-2022-33124
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service DoS. NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the...
CVE-2022-33124
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service DoS. NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the...
CVE-2022-33124
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service DoS. NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the...
Design/Logic Flaw
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service DoS. NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the...
CVE-2022-33124
CVE-2022-33124 (aiohttp 3.8.1): A denial of service can occur via an invalid IPv6 URL that triggers a ValueError, as reported in multiple sources. The IBM Cloud Pak for Watson AIOps bulletin lists CVE-2022-33124 with a CVSS base score of 5.5 (3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) and notes tha...
FreeBSD : py-twisted -- multiple vulnerabilities (9fbaefb3-837e-11ea-b5b4-641c67a117d8) (Ping Flood) (Reset Flood) (Settings Flood)
Twisted developers reports : All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces...