CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

ALPINE-CVE-2019-19911

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux...

PT-2020-5160 · Python Imaging Library +1 · Pillow +1

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.2 Description: The issue is caused by the FpxImagePlugin.py file calling the range function on an unvalidated 32-bit integer, which can lead to a denial of service DoS if the number of bands is large. On Windows...