750 matches found

RedhatCVE
added 2021/05/11 8:55 p.m. | 31 views

CVE-2021-28678

A flaw was found in python-pillow. BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a denial-of-service where the decoder could be run a large number of times on empty data. Mitigation: To mitigate this feature on Red Hat Quay keep th...

CVSS 7.5 | AI score 0.8 | EPSS 0.0011
Exploits 0 | References 3
RedhatCVE
added 2021/05/11 8:55 p.m. | 50 views

CVE-2021-28677

A flaw was found in python-pillow. The readline used in EPS has to deal with any combination of \r and \n as line endings. It accidentally used a quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a denial-of-service of Pillow in...

CVSS 7.5 | AI score 1 | EPSS 0.00286
Exploits 0 | References 3
RedhatCVE
added 2021/05/11 8:55 p.m. | 35 views

CVE-2021-28676

A flaw was found in python-pillow. FliDecode.c did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. This issue dates to the PIL fork. The highest threat from this vulnerability is to system availability. Mitigation: To mitigate this feature o...

CVSS 7.5 | AI score 1.5 | EPSS 0.00398
Exploits 0 | References 4
RedhatCVE
added 2021/05/11 8:55 p.m. | 29 views

CVE-2021-28675

A flaw was found in python-pillow. PsdImagePlugin.PsdImageFile does not sanity check the number of input layers with regard to the size of the data block which could lead to a denial-of-service...

CVSS 5.5 | AI score 2.3 | EPSS 0.00144
Exploits 0 | References 3
OpenVAS
added 2021/05/03 12:0 a.m. | 22 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-1840)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.1 | EPSS 0.00319
Exploits 0 | References 2
Tenable Nessus
added 2021/04/30 12:0 a.m. | 39 views

EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2021-1840)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. CVE-2021-25290 - I...

CVSS 7.5 | AI score 7 | EPSS 0.00319
Exploits 0 | References 5
Tenable Nessus
added 2021/04/15 12:0 a.m. | 32 views

EulerOS Virtualization 2.9.0 : python-pillow (EulerOS-SA-2021-1743)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. CVE-2020-5313 - An out-of-bounds write flaw was...

CVSS 9.8 | AI score 7.5 | EPSS 0.01753
Exploits 0 | References 13
Tenable Nessus
added 2021/04/15 12:0 a.m. | 32 views

EulerOS Virtualization 2.9.1 : python-pillow (EulerOS-SA-2021-1729)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. CVE-2020-5313 - An out-of-bounds write flaw was...

CVSS 9.8 | AI score 7.5 | EPSS 0.01753
Exploits 0 | References 13
OpenVAS
added 2021/04/13 12:0 a.m. | 22 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-1743)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 7.5 | EPSS 0.01753
Exploits 0 | References 2
OpenVAS
added 2021/04/13 12:0 a.m. | 26 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-1729)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 7.5 | EPSS 0.01753
Exploits 0 | References 2
Tenable Nessus
added 2021/03/24 12:0 a.m. | 38 views

EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-1702)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is truste...

CVSS 7.1 | AI score 7 | EPSS 0.01034
Exploits 0 | References 3
OpenVAS
added 2021/03/24 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-1702)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.1 | AI score 7.7 | EPSS 0.01034
Exploits 0 | References 2
OpenVAS
added 2021/03/20 12:0 a.m. | 20 views

Fedora: Security Advisory for mingw-python-pillow (FEDORA-2021-9016a9b7bd)

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.7 | EPSS 0.00425
Exploits 0 | References 2
OpenVAS
added 2021/03/20 12:0 a.m. | 23 views

Fedora: Security Advisory for python-pillow (FEDORA-2021-9016a9b7bd)

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.7 | EPSS 0.00425
Exploits 0 | References 2
OpenVAS
added 2021/03/15 12:0 a.m. | 20 views

Fedora: Security Advisory for mingw-python-pillow (FEDORA-2021-15845d3abe)

The remote host is missing an update for the...

CVSS 9.8 | AI score 8.7 | EPSS 0.00762
Exploits 0 | References 2
Tenable Nessus
added 2021/03/15 12:0 a.m. | 39 views

Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)

The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-15845d3abe advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...

CVSS 9.8 | AI score 7.4 | EPSS 0.00762
Exploits 0 | References 10
OpenVAS
added 2021/03/15 12:0 a.m. | 24 views

Fedora: Security Advisory for python-pillow (FEDORA-2021-0ece308612)

The remote host is missing an update for the...

CVSS 9.8 | AI score 8.7 | EPSS 0.00762
Exploits 0 | References 2
OpenVAS
added 2021/03/15 12:0 a.m. | 21 views

Fedora: Security Advisory for python-pillow (FEDORA-2021-15845d3abe)

The remote host is missing an update for the...

CVSS 9.8 | AI score 8.7 | EPSS 0.00762
Exploits 0 | References 2
Tenable Nessus
added 2021/03/10 12:0 a.m. | 36 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : python-pillow Vulnerability (NS-SA-2021-0038)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-pillow packages installed that are affected by a vulnerability: - libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. CVE-2020-5313 Note that Nessus has not tested for this issue but has instead...

CVSS 7.1 | AI score 6.8 | EPSS 0.00551
Exploits 0 | References 2
Tenable Nessus
added 2021/03/10 12:0 a.m. | 34 views

EulerOS Virtualization 3.0.2.6 : python-pillow (EulerOS-SA-2021-1421)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state-shuffl...

CVSS 7.1 | AI score 6.4 | EPSS 0.01034
Exploits 0 | References 5