17 matches found
Medium: python-pillow
Issue Overview: Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file (CVE-2016-0740). Affected Packages: python-pillow. Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
SUSE CVE-2021-25290
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...
python-pillow: Negative-offset memcpy in TIFF image reader
A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash...
A vulnerability in the TiffDecode.c component of the Pillow image processing library, related to an out-of-bounds write, allows an attacker to cause a denial of service.
A vulnerability in the TiffDecode.c component of the Pillow image processing library is related to a lack of memory checks during read operations. Exploiting this vulnerability could allow an attacker to cause a denial of service...
GHSA-8XJQ-8FCG-G5HW Out-of-bounds Write in Pillow
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...
ALPINE-CVE-2021-25291
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries...
ALPINE-CVE-2021-25290
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...
PYSEC-2021-35
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
UBUNTU-CVE-2021-25291
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries...
UBUNTU-CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
PYSEC-2021-70
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...
UBUNTU-CVE-2020-35654
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...
Pillow Buffer Overflow Vulnerability
Pillow is a Python-based image processing library. Versions of Pillow prior to 8.1.0 have a heap-based buffer overflow in TiffDecode when decoding specially crafted YCbCr files, due to certain interpretation conflicts with LibTIFF in RGBA mode. An attacker...
PT-2020-12049 · Python Imaging Library · Pillow
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 7.1.0; Pillow versions 7.x prior to 7.0.1; Pillow version 6.2.3 and earlier. Description: The issue involves two buffer overflows in libImaging/TiffDecode.c. This affects Pillow, where the buffer overflows can occur due ...
DEBIAN-CVE-2020-5310
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc...
DEBIAN-CVE-2016-0740
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file...
PYSEC-2016-5
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file...