CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

OSV•added 2024/03/06 11:3 a.m.•18 views

BIT-PILLOW-2021-28678

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...

5.5CVSS6.8AI score0.0011EPSS

Exploits0References5

SUSE CVE•added 2023/02/15 3:44 a.m.•2 views

SUSE CVE-2021-28678

7.5CVSS6.2AI score0.0011EPSS

Exploits0References5

Tenable Nessus•added 2021/08/10 12:0 a.m.•43 views

EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-2314)

According to the versions of the python-pillow packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayala.CVE-2021-25287 - An issue was...

9.1CVSS6.7AI score0.00418EPSS

Exploits0References10

Tenable Nessus•added 2021/08/09 12:0 a.m.•32 views

EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2279)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Pillow before 8.1.1 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not...

9.1CVSS6.9AI score0.00418EPSS

Exploits0References11

Tenable Nessus•added 2021/08/09 12:0 a.m.•28 views

EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2253)

9.1CVSS6.9AI score0.00418EPSS

Exploits0References11

Tenable Nessus•added 2021/07/13 12:0 a.m.•30 views

EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-2187)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 8.1.1 allows attackers to cause a denial of service memory consumption because the reported size of a contain...

9.1CVSS7AI score0.00418EPSS

Exploits0References11

CNVD•added 2021/06/04 12:0 a.m.•29 views

Pillow Denial of Service Vulnerability (CNVD-2021-54029)

Pillow is a Python-based image processing library. A denial of service vulnerability exists in versions of Pillow prior to 8.2.0. The vulnerability stems from the fact that for BLP data, the BlpImagePlugin does not properly check the data returned by the read, and an attacker could exploit this...

5.5CVSS4.4AI score0.0011EPSS

Exploits0References1

OSV•added 2021/06/02 4:15 p.m.•26 views

CVE-2021-28678

5.5CVSS5.3AI score0.0011EPSS

Exploits0References4

Prion•added 2021/06/02 4:15 p.m.•26 views

Design/Logic Flaw

4.3CVSS6.8AI score0.0011EPSS

Exploits0References4Affected Software2

OSV•added 2021/06/02 4:15 p.m.•28 views

PYSEC-2021-94

5.5CVSS1.3AI score0.0011EPSS

Exploits0References4

Cvelist•added 2021/06/02 3:16 p.m.•24 views

CVE-2021-28678

7.2AI score0.0011EPSS

Exploits0References4

CVE•added 2021/06/02 3:16 p.m.•183 views

CVE-2021-28678

CVE-2021-28678 affects Pillow prior to 8.2.0, where the BlpImagePlugin for BLP data failed to properly validate reads after seeking to file offsets. This can allow a denial-of-service by repeatedly decoding on empty data. Root cause: insufficient checks on data returned by reads in BlpImagePlugin...

5.5CVSS6.8AI score0.0011EPSS

Exploits0References4Affected Software1