
28 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in pillow

An issue was discovered in Pillow before version 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop during loading...

CVSS 7.5 | AI score 6.9 | EPSS 0.00398
Exploits: 0 | References: 2

OSV
added 2024/03/06 11:3 a.m. | 23 views

BIT-PILLOW-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

CVSS 7.5 | AI score 8.2 | EPSS 0.00398
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 4:3 a.m. | 1 view

SUSE CVE-2020-5313

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...

CVSS 8.8 | AI score 7.2 | EPSS 0.00571
Exploits: 0 | References: 7

Tenable Nessus
added 2023/01/30 12:0 a.m. | 37 views

EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2023-1288)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb...

CVSS 9.8 | AI score 7.3 | EPSS 0.02781
Exploits: 2 | References: 10

Tenable Nessus
added 2022/04/27 12:0 a.m. | 84 views

Amazon Linux 2 : python-pillow, --advisory ALAS2-2022-1786 (ALAS-2022-1786)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1786 advisory. A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image path...

CVSS 9.8 | AI score 7.1 | EPSS 0.02781
Exploits: 0 | References: 8

Tenable Nessus
added 2022/02/09 12:0 a.m. | 26 views

AlmaLinux 8 : python-pillow (ALSA-2021:4149)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4149 advisory. - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer...

CVSS 9.8 | AI score 7.2 | EPSS 0.00418
Exploits: 1 | References: 16

OpenVAS
added 2021/09/15 12:0 a.m. | 31 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2432)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.7 | EPSS 0.00398
Exploits: 0 | References: 2

Tenable Nessus
added 2021/09/07 12:0 a.m. | 41 views

EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-2345)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative t...

CVSS 7.5 | AI score 6.5 | EPSS 0.00398
Exploits: 0 | References: 4

OpenVAS
added 2021/09/04 12:0 a.m. | 27 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2345)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.5 | EPSS 0.00398
Exploits: 0 | References: 2

OSV
added 2021/06/08 6:48 p.m. | 35 views

GHSA-7R7M-5H27-29HP Potential infinite loop in Pillow

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

CVSS 8.7 | AI score 8.2 | EPSS 0.00398
Exploits: 0 | References: 11

GitHub Security Blog
added 2021/06/08 6:48 p.m. | 51 views

Potential infinite loop in Pillow

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

CVSS 7.5 | AI score 2.8 | EPSS 0.00398
Exploits: 0 | References: 10 | Affected Software: 1

CNVD
added 2021/06/04 12:0 a.m. | 32 views

Pillow Denial of Service Vulnerability (CNVD-2021-54032)

Pillow is a Python-based image processing library. A denial of service vulnerability exists in versions prior to Pillow 8.2.0, which stems from the fact that for FLI data, FliDecode does not properly check whether the block advance is non-zero, and an attacker can exploit this vulnerability to...

CVSS 7.5 | AI score 4.8 | EPSS 0.00398
Exploits: 0 | References: 1

OSV
added 2021/06/02 4:15 p.m. | 36 views

PYSEC-2021-92

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

CVSS 7.5 | AI score 3.1 | EPSS 0.00398
Exploits: 0 | References: 4

UbuntuCve
added 2021/05/10 12:0 a.m. | 23 views

CVE-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

CVSS 7.5 | AI score 6.8 | EPSS 0.00398
Exploits: 0 | References: 4

Tenable Nessus
added 2021/04/30 12:0 a.m. | 39 views

EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2021-1840)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290) - I...

CVSS 7.5 | AI score 7 | EPSS 0.00326
Exploits: 0 | References: 5

Veracode
added 2021/04/20 7:37 a.m. | 30 views

Denial Of Service (DoS) Via Infinite Loop

Pillow is vulnerable to denial of service attacks. Lack of necessary checks in FliDecode allows the value of advance to remain zero, triggering an infinite loop...

CVSS 7.5 | AI score 3.3 | EPSS 0.00398
Exploits: 0 | References: 8 | Affected Software: 2

CNNVD
added 2021/04/13 12:0 a.m. | 0 views

Pillow security vulnerability

Pillow is a Python-based image processing library. A denial of service vulnerability exists in versions prior to Pillow 8.2.0, which stems from the fact that for FLI data, FliDecode does not properly check whether the block advance is non-zero, and an attacker can exploit this vulnerability to...

CVSS 7.5 | AI score 5.7 | EPSS 0.00398
Exploits: 0 | References: 13

Tenable Nessus
added 2021/02/22 12:0 a.m. | 55 views

EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2021-1353)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is truste...

CVSS 7.1 | AI score 6.9 | EPSS 0.00326
Exploits: 0 | References: 4

Mageia
added 2020/11/23 7:51 p.m. | 40 views

Updated python-pillow packages fix security vulnerabilities

Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c (CVE-2020-10177). In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state-shuffle is instructed to read beyond...

CVSS 8.1 | AI score 2.4 | EPSS 0.00424
Exploits: 0 | References: 2

Tenable Nessus
added 2020/09/08 12:0 a.m. | 29 views

EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2020-1966)

According to the versions of the python-pillow package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where...

CVSS 5.5 | AI score 7 | EPSS 0.00319
Exploits: 0 | References: 3