9 matches found
CVE-2020-5312
CVE-2020-5312 is a Pillow vulnerability where libImaging/PcxDecode.c may overflow the PCX P mode buffer in Pillow versions before 6.2.2. The issue arises during decoding PCX images and could impact memory handling in affected builds. Public advisories and release notes indicate upgrading Pillow t...
CVE-2020-5313
Pillow (libImaging/FliDecode.c) has an FLI buffer overflow in versions before 6.2.2. Affected: Pillow/Python imaging library; root cause is an FLI decode buffer overflow. Impact is described as overflow in loading FLI images. Remediation: upgrade to Pillow 6.2.2 or later (per the CVE entry and ve...
CVE-2020-5311
Pillow’s vulnerability CVE-2020-5311 affects the libImaging/SgiRleDecode.c path and is triggered by an SGI buffer overflow in Pillow versions before 6.2.2. The issue is in the SGI image parsing code, not in a user-provided input path description; impact is partial to high depending on exposure of...
CVE-2020-5310
CVE-2020-5310 affects Pillow’s TIFF decoding path, specifically libImaging/TiffDecode.c. The root cause is a TIFF decoding integer overflow tied to memory reallocation (realloc), exposing Pillow versions prior to 6.2.2 to potential crash or compromise when processing crafted TIFF images. Affected...
CVE-2019-19911
Summary (CVE-2019-19911) : Pillow before 6.2.2 contains a DoS vulnerability in FpxImagePlugin.py where range() is applied to an unvalidated 32‑bit integer when the number of bands is large. On 32‑bit Windows Python this can trigger OverflowError or MemoryError due to the 2 GB limit; on 64‑bit Lin...
CVE-2020-10177
CVE-2020-10177 affects Pillow prior to 7.1.0, with multiple out-of-bounds reads in libImaging/FliDecode.c. Technical details across connected advisories confirm affected package is python-pillow and fixes are provided in Pillow 7.1.0+ (e.g., ALAS-2024-2648, ALAS2 advisories; Mageia notes referenc...
CVE-2020-10378
In Pillow, CVE-2020-10378 is an out-of-bounds read in the PCX decoding path. Specifically, in libImaging/PcxDecode.c, when reading PCX files, state->shuffle may be instructed to read beyond state->buffer, enabling an out-of-bounds access. This vulnerability is documented for Pillow releases...
CVE-2020-10994
CVE-2020-10994 affects Pillow, specifically in libImaging/Jpeg2KDecode.c. The vulnerability consists of multiple out-of-bounds reads when decoding JP2 files, as described in the CVE entry and corroborated by connected advisories. Affected versions are Pillow before 7.1.0; remediation is to upgrad...
CVE-2020-10379
Summary: CVE-2020-10379 affects Pillow prior to 7.1.0, with two Buffer Overflows in libImaging/TiffDecode.c. This is documented in the CVE as a vulnerability with partial confidentiality, integrity, and availability impact (CVSS v3.1: 7.8, LOCAL, UI REQUIRED; CVSS v2: 6.8). The initial descriptio...