Lucene search
K

10 matches found

CVE
CVE
added 2020/01/03 12:52 a.m.359 views

CVE-2020-5312

CVE-2020-5312 is a Pillow vulnerability where libImaging/PcxDecode.c may overflow the PCX P mode buffer in Pillow versions before 6.2.2. The issue arises during decoding PCX images and could impact memory handling in affected builds. Public advisories and release notes indicate upgrading Pillow t...

9.8CVSS9.4AI score0.0369EPSS
CVE
CVE
added 2020/01/03 12:52 a.m.354 views

CVE-2020-5313

Pillow (libImaging/FliDecode.c) has an FLI buffer overflow in versions before 6.2.2. Affected: Pillow/Python imaging library; root cause is an FLI decode buffer overflow. Impact is described as overflow in loading FLI images. Remediation: upgrade to Pillow 6.2.2 or later (per the CVE entry and ve...

7.1CVSS8.1AI score0.02752EPSS
CVE
CVE
added 2020/01/03 12:52 a.m.341 views

CVE-2020-5311

Pillow’s vulnerability CVE-2020-5311 affects the libImaging/SgiRleDecode.c path and is triggered by an SGI buffer overflow in Pillow versions before 6.2.2. The issue is in the SGI image parsing code, not in a user-provided input path description; impact is partial to high depending on exposure of...

9.8CVSS8.8AI score0.04212EPSS
CVE
CVE
added 2020/01/03 12:52 a.m.301 views

CVE-2020-5310

CVE-2020-5310 affects Pillow’s TIFF decoding path, specifically libImaging/TiffDecode.c. The root cause is a TIFF decoding integer overflow tied to memory reallocation (realloc), exposing Pillow versions prior to 6.2.2 to potential crash or compromise when processing crafted TIFF images. Affected...

8.8CVSS8.8AI score0.01975EPSS
CVE
CVE
added 2020/01/05 9:57 p.m.252 views

CVE-2019-19911

Summary (CVE-2019-19911) : Pillow before 6.2.2 contains a DoS vulnerability in FpxImagePlugin.py where range() is applied to an unvalidated 32‑bit integer when the number of bands is large. On 32‑bit Windows Python this can trigger OverflowError or MemoryError due to the 2 GB limit; on 64‑bit Lin...

7.5CVSS8.2AI score0.02118EPSS
CVE
CVE
added 2020/06/25 6:33 p.m.239 views

CVE-2020-10177

CVE-2020-10177 affects Pillow prior to 7.1.0, with multiple out-of-bounds reads in libImaging/FliDecode.c. Technical details across connected advisories confirm affected package is python-pillow and fixes are provided in Pillow 7.1.0+ (e.g., ALAS-2024-2648, ALAS2 advisories; Mageia notes referenc...

5.5CVSS6.3AI score0.01468EPSS
CVE
CVE
added 2020/06/25 6:32 p.m.146 views

CVE-2020-11538

CVE-2020-11538 affects Pillow up to 7.0.0, with out-of-bounds reads in SGI image parsing (libImaging/SgiRleDecode.c). Connected sources confirm Pillow as the impacted product and outline the vulnerability class, but do not provide exploit details. The fix is in Pillow 7.1.0 and later; remediation...

8.1CVSS8.7AI score0.02514EPSS
CVE
CVE
added 2020/06/25 6:22 p.m.137 views

CVE-2020-10378

In Pillow, CVE-2020-10378 is an out-of-bounds read in the PCX decoding path. Specifically, in libImaging/PcxDecode.c, when reading PCX files, state->shuffle may be instructed to read beyond state->buffer, enabling an out-of-bounds access. This vulnerability is documented for Pillow releases...

5.5CVSS6.2AI score0.01105EPSS
CVE
CVE
added 2020/06/25 6:26 p.m.132 views

CVE-2020-10994

CVE-2020-10994 affects Pillow, specifically in libImaging/Jpeg2KDecode.c. The vulnerability consists of multiple out-of-bounds reads when decoding JP2 files, as described in the CVE entry and corroborated by connected advisories. Affected versions are Pillow before 7.1.0; remediation is to upgrad...

5.5CVSS6.1AI score0.0142EPSS
CVE
CVE
added 2020/06/25 6:24 p.m.131 views

CVE-2020-10379

Summary: CVE-2020-10379 affects Pillow prior to 7.1.0, with two Buffer Overflows in libImaging/TiffDecode.c. This is documented in the CVE as a vulnerability with partial confidentiality, integrity, and availability impact (CVSS v3.1: 7.8, LOCAL, UI REQUIRED; CVSS v2: 6.8). The initial descriptio...

7.8CVSS7.6AI score0.01129EPSS