
33 matches found

OSV
added 2026/04/25 5:49 a.m. | 2 views

OESA-2026-2066 python-pillow security update

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. of CVE-2022-22815, CVE-2022-22816 Security Fixes: Pillow is a Python imaging library. Versions 10.3.0...

CVSS 8.7 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/16 6:40 p.m. | 2 views

CVE-2026-40192

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

CVSS 8.7 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 7
CNNVD
added 2026/04/15 12:0 a.m. | 4 views

Pillow Security Vulnerability

Pillow is an open-source image processing library developed by Pillow. Versions of Pillow from 10.3.0 to 12.1.1 contain security vulnerabilities. These vulnerabilities stem from the lack of restrictions on the amount of GZIP compressed data read during the decoding of FITS images, which may lead ...

CVSS 8.7 | AI score 7.1 | EPSS 0.00018
Exploits: 0 | References: 2
Snyk
added 2026/04/13 7:22 p.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via decompression bomb, in FitsGzipDecoder. An attacker can cause an OOM and crash the application or severely degrade its performance by supplying a malicious FITS file containing...

CVSS 8.7 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 2
GitHub Security Blog
added 2026/02/03 11:58 p.m. | 7 views

apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion (availability impact). The Split function reads the first tar header,...

CVSS 5.5 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2025/02/25 12:0 a.m. | 10 views

Siemens SIMATIC S7-1500 TM MFP BIOS Improper Handling of Exceptional Conditions (CVE-2021-28831)

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

CVSS 7.5 | AI score 6.8 | EPSS 0.01019
Exploits: 0 | References: 4
Redos
added 2024/03/13 12:0 a.m. | 24 views

ROS-2-1188

2.1188 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to improper handling of the error bit in the huft_build result pointer in the decompress_gunzip.c file. A...

CVSS 7.5 | AI score 7 | EPSS 0.01019
Exploits: 0
OSV
added 2024/03/06 10:52 a.m. | 11 views

BIT-FLUENT-BIT-2020-35963

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion...

CVSS 7.8 | AI score 7.6 | EPSS 0.00376
Exploits: 1 | References: 4
OPENSUSE Linux
added 2021/10/31 12:0 a.m. | 65 views

Security update for busybox (important)

openSUSE Security Update: Security update for busybox. Announcement ID: openSUSE-SU-2021:1408-1. Rating: important. References: 1099260 1099263 1121426 1184522 951562. Cross-References: CVE-2011-5325 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2021-28831. CVSS scores: CVE-2011-5325 NVD : 7.5...

CVSS 7.5 | AI score 8.3 | EPSS 0.16054
Exploits: 5 | References: 5
OSV
added 2021/10/28 10:12 p.m. | 1 views

CLSA-2021-1635459154 Fix CVE(s): CVE-2021-28831

SECURITY UPDATE: operation on invalid pointer - debian/patches/CVE-2021-28831.patch: decompress_gunzip.c mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. - CVE-2021-28831...

CVSS 7.5 | AI score 5.8 | EPSS 0.01019
Exploits: 0 | References: 1
Tenable Nessus
added 2021/10/28 12:0 a.m. | 53 views

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2021:3531-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3531-1 advisory. - Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point...

CVSS 9.8 | AI score 7.5 | EPSS 0.16054
Exploits: 5 | References: 16
OpenVAS
added 2021/10/28 12:0 a.m. | 41 views

openSUSE: Security Advisory for busybox (openSUSE-SU-2021:3531-1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 7.2 | EPSS 0.16054
Exploits: 5 | References: 2
OpenVAS
added 2021/09/28 12:0 a.m. | 25 views

Huawei EulerOS: Security Advisory for busybox (EulerOS-SA-2021-2522)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.7 | EPSS 0.01019
Exploits: 0 | References: 2
Amazon
added 2021/05/10 12:0 a.m. | 49 views

Medium: busybox

Issue Overview: decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. CVE-2021-28831 Affected Packages: busybox Issue Correction: Run yum update busybox or yum update...

CVSS 7.5 | AI score 7.2 | EPSS 0.01019
Exploits: 0
OSV
added 2021/05/06 11:2 a.m. | 1 views

OESA-2021-1162 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes:...

CVSS 7.5 | AI score 7 | EPSS 0.01019
Exploits: 0 | References: 2
RedhatCVE
added 2021/04/30 9:27 p.m. | 36 views

CVE-2020-35963

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion...

CVSS 7.8 | AI score 1.7 | EPSS 0.00376
Exploits: 1 | References: 3
Veracode
added 2021/03/31 5:51 p.m. | 43 views

Denial Of Service (DoS)

busybox is vulnerable to denial of service. The vulnerability exists because decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

CVSS 7.5 | AI score 2.7 | EPSS 0.01019
Exploits: 0 | References: 13 | Affected Software: 5
NVD
added 2021/03/19 5:15 a.m. | 15 views

CVE-2021-28831

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

CVSS 7.5 | EPSS 0.01019
Exploits: 0 | References: 8
OSV
added 2021/03/19 5:15 a.m. | 26 views

CVE-2021-28831

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 8
OSV
added 2021/03/19 5:15 a.m. | 0 views

DEBIAN-CVE-2021-28831

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

CVSS 7.5 | AI score 6.8 | EPSS 0.01019
Exploits: 0 | References: 1