Lucene search
K

114 matches found

Github Security Blog
Github Security Blog
added 2021/03/29 4:35 p.m.54 views

Out of bounds write in Pillow

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

9.8CVSS2.9AI score0.02281EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2021/03/19 4:15 a.m.4 views

ALPINE-CVE-2021-25289

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

9.8CVSS9.1AI score0.02281EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2021/03/19 3:29 a.m.41 views

CVE-2021-25289

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

9.8CVSS9.7AI score0.02281EPSS
Exploits0
Cvelist
Cvelist
added 2021/03/19 3:29 a.m.44 views

CVE-2021-25289

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

9.7AI score0.02281EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/03/19 3:29 a.m.39 views

CVE-2021-25289

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

9.8CVSS7.6AI score0.02281EPSS
Exploits0
CVE
CVE
added 2021/03/19 3:29 a.m.249 views

CVE-2021-25289

CVE-2021-25289 affects Pillow before 8.1.1. The issue is a heap-based buffer overflow in TiffDecode when decoding crafted YCbCr files, triggered by interpretation conflicts with LibTIFF in RGBA mode. This stems from an incomplete fix for CVE-2020-35654. The CVE is documented with high severity (C...

9.8CVSS9.4AI score0.02281EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:55 p.m.68 views

Pillow Out-of-bounds Write

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

8.8CVSS9.2AI score0.01789EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/03/15 12:0 a.m.40 views

Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)

The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-15845d3abe advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...

9.8CVSS7.4AI score0.04851EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2021/03/15 12:0 a.m.48 views

Fedora 32 : python-pillow / python2-pillow (2021-0ece308612)

The remote Fedora 32 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-0ece308612 advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...

9.8CVSS7.4AI score0.04851EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.35 views

NewStart CGSL MAIN 6.02 : libtiff Vulnerability (NS-SA-2021-0058)

The remote NewStart CGSL host, running version MAIN 6.02, has libtiff packages installed that are affected by a vulnerability: - tifgetimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow...

8.8CVSS7.2AI score0.03356EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/03/03 5:4 p.m.37 views

CVE-2021-25289

A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c. The highest...

9.8CVSS2.2AI score0.02281EPSS
Exploits0References3
OSV
OSV
added 2021/03/03 12:0 a.m.9 views

UBUNTU-CVE-2021-25289

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

9.8CVSS7.2AI score0.02281EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/03/03 12:0 a.m.50 views

CVE-2021-25289

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

9.8CVSS6.9AI score0.02281EPSS
Exploits0References3
OSV
OSV
added 2021/01/12 9:15 a.m.1 views

DEBIAN-CVE-2020-35654

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

8.8CVSS9AI score0.01789EPSS
Exploits0References1
OSV
OSV
added 2021/01/12 9:15 a.m.34 views

CVE-2020-35654

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

8.8CVSS8.8AI score
Exploits0References5
NVD
NVD
added 2021/01/12 9:15 a.m.19 views

CVE-2020-35654

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

8.8CVSS9.3AI score0.01789EPSS
Exploits0References5
Prion
Prion
added 2021/01/12 9:15 a.m.37 views

Heap overflow

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

6.8CVSS9.2AI score0.01789EPSS
Exploits0References5Affected Software2
PyPA
PyPA
added 2021/01/12 9:15 a.m.6 views

PYSEC-2021-70

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

8.8CVSS7.4AI score0.01789EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2021/01/12 8:6 a.m.223 views

CVE-2020-35654

Pillow CVE-2020-35654 affects TiffDecode: heap-based buffer overflow when decoding crafted YCbCr files due to interpretation conflicts with LibTIFF in RGBA mode. Affected versions are Pillow before 8.1.0 (and related notes indicate an incomplete fix extending to 8.1.1 per downstream advisories). ...

8.8CVSS9.2AI score0.01789EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2021/01/12 8:6 a.m.44 views

CVE-2020-35654

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

8.8CVSS9.5AI score0.01789EPSS
Exploits0
Rows per page
Query Builder