750 matches found
EulerOS Virtualization 2.11.1 : python-pillow (EulerOS-SA-2024-1617)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different...
EulerOS Virtualization 2.11.0 : python-pillow (EulerOS-SA-2024-1636)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1617)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1636)
The remote host is missing an update for the Huawei EulerOS...
openSUSE 15 Security Update : python-Pillow (openSUSE-SU-2024:0125-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0125-1 advisory. - Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817...
OPENSUSE-SU-2024:0125-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2023-50447: Fixed arbitrary code execution via the environment parameter (boo#1219048)...
Security update for python-Pillow (important)
openSUSE Security Update: Security update for python-Pillow Announcement ID: openSUSE-SU-2024:0125-1 Rating: important References: 1219048 Cross-References: CVE-2023-50447 CVSS scores: CVE-2023-50447 NVD : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-50447 SUSE: 8.4...
RHEL 8 : python-pillow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pillow: multiple out-of-bounds reads via a crafted JP2 file (CVE-2020-10994) Note that Nessus has not tested f...
RHEL 7 : python-pillow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pillow: Buffer overflow in image convert function (CVE-2021-34552) - Buffer overflow in the...
RHEL 6 : python-pillow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pillow: Missing check for negative image dimensions in ImagingNew (Storage.c) (CVE-2016-9190) - Buffer...
openSUSE 15 Security Update : python-Pillow (SUSE-SU-2024:1607-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1607-1 advisory. - An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. (CVE-2021-25287) - An issue was discover...
RHEL 5 : python-pillow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312) ...
SUSE-SU-2024:1607-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2021-25287: out-of-bounds read in J2kDecode in j2ku_graya_la (bsc#1185805) - CVE-2021-25288: out-of-bounds read in J2kDecode in j2ku_gray_i (bsc#1185803) - CVE-2021-28675: DoS in PsdImagePlugin (bsc#1185804) - CVE-2021-28676: infinite loop in...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1600)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1577)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : python-pillow (EulerOS-SA-2024-1600)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than...
EulerOS 2.0 SP10 : python-pillow (EulerOS-SA-2024-1577)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than...
SUSE: Security Advisory (SUSE-SU-2024:1258-1)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2024-0133)
The remote host is missing an update for the...
Updated python-pillow packages fix security vulnerabilities
CVE-2023-44271 Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. CVE-2024-28219 A...