Lucene search
K

19 matches found

CVE
CVE
added 2021/07/13 12:0 a.m.378 views

CVE-2021-34552

Pillow (Python Imaging Library) vulnerability CVE-2021-34552: Buffer overflow in Convert.c when passing controlled parameters to convert(), affecting Pillow <= 8.2.0 and PIL

9.8CVSS9.6AI score0.03162EPSS
CVE
CVE
added 2021/03/19 3:29 a.m.372 views

CVE-2021-25290

Pillow up to version 8.1.1 contains a vulnerability in the TIFF image reader: a negative-offset memcpy with an invalid size in TiffDecode.c. This can lead to memory corruption. The issue is documented as CVE-2021-25290 and is referenced in multiple advisories (e.g., Debian, AlmaLinux, Amazon Linu...

7.5CVSS8.3AI score0.02372EPSS
CVE
CVE
added 2021/01/12 8:2 a.m.326 views

CVE-2020-35653

CVE-2020-35653 affects Pillow up to version 8.0.x, where the PCX decoder (PcxDecode) may trigger a buffer over-read when processing a crafted PCX file because the user-supplied stride is trusted for buffer calculations. The issue is documented across multiple adapters (e.g., Debian, Arch, AlmaLin...

7.1CVSS7.7AI score0.01498EPSS
CVE
CVE
added 2021/03/03 8:41 a.m.293 views

CVE-2021-27922

Pillow vulnerability CVE-2021-27922: Pillow before 8.1.2 can trigger excessive memory allocation when processing ICNS containers because the reported image size isn’t properly checked. This memory DoS is the explicit impact described in multiple sources (e.g., Astra Linux advisory referencing Pil...

7.5CVSS7.3AI score0.04851EPSS
CVE
CVE
added 2021/03/19 3:30 a.m.292 views

CVE-2021-25293

The CVE-2021-25293 issue is in Pillow prior to 8.1.1, caused by an out-of-bounds read in SGIRleDecode.c. Affected: Pillow up to version 8.1.1. Impact: information about the exact impact is described in the CVE entry; the connected documents confirm the vulnerability. Remediation: upgrade Pillow t...

7.5CVSS8.2AI score0.01601EPSS
CVE
CVE
added 2021/03/19 3:30 a.m.285 views

CVE-2021-25292

Pillow (Python Imaging Library fork) prior to 8.1.1 is affected by a vulnerability in its PDF format parser that allows a regular expression DoS (ReDoS) via a crafted PDF file due to a catastrophic backtracking regex. This can impact availability as indicated by the CVSS vector in the CVE entry, ...

6.5CVSS7.4AI score0.01635EPSS
CVE
CVE
added 2021/03/19 3:30 a.m.283 views

CVE-2021-25291

Pillow before 8.1.1 is affected by an out-of-bounds read in TiffDecode.c (TiffreadRGBATile) due to invalid tile boundaries. Root cause: boundary handling in TiffreadRGBATile as reported for CVE-2021-25291. According to linked advisories and release notes, remediation is to upgrade to Pillow 8.1.1...

7.5CVSS8.2AI score0.01425EPSS
CVE
CVE
added 2021/03/03 8:41 a.m.269 views

CVE-2021-27921

CVE-2021-27921 concerns Pillow (Python Imaging Library). Affected: Pillow up to 8.1.1/8.1.2 before 8.1.2. Issue: memory-allocating DoS due to the reported size of a contained image not being properly checked for BLP containers, allowing a very large allocation. Impact: potential denial of service...

7.5CVSS6.7AI score0.0317EPSS
CVE
CVE
added 2021/03/03 8:41 a.m.263 views

CVE-2021-27923

CVE-2021-27923 affects Pillow up to 8.1.1. It causes a denial-of-service via memory exhaustion because the reported size of a contained image is not properly checked for an ICO container, potentially triggering a very large memory allocation. Root cause: inadequate validation of ICO container ima...

7.5CVSS7.3AI score0.03071EPSS
CVE
CVE
added 2021/09/03 4:10 p.m.252 views

CVE-2021-23437

CVE-2021-23437 affects Pillow (Python Imaging Library): the getrgb function is vulnerable to a regular expression denial-of-service (ReDoS). Affected versions include 5.2.0 and earlier than 8.3.2. The issue can cause partial availability impact. The CVSS base score is 7.5 (HIGH) per NVD. Remediat...

7.5CVSS7.5AI score0.03154EPSS
CVE
CVE
added 2021/01/12 8:8 a.m.249 views

CVE-2020-35655

Pillow (before 8.1.0) contains a vulnerability in SGIRleDecode: a 4‑byte buffer over-read while decoding crafted SGI RLE images caused by mishandled offsets and length tables.

5.8CVSS6.8AI score0.01573EPSS
CVE
CVE
added 2021/03/19 3:29 a.m.247 views

CVE-2021-25289

CVE-2021-25289 affects Pillow before 8.1.1. The issue is a heap-based buffer overflow in TiffDecode when decoding crafted YCbCr files, triggered by interpretation conflicts with LibTIFF in RGBA mode. This stems from an incomplete fix for CVE-2020-35654. The CVE is documented with high severity (C...

9.8CVSS9.4AI score0.02281EPSS
CVE
CVE
added 2021/01/12 8:6 a.m.220 views

CVE-2020-35654

Pillow CVE-2020-35654 affects TiffDecode: heap-based buffer overflow when decoding crafted YCbCr files due to interpretation conflicts with LibTIFF in RGBA mode. Affected versions are Pillow before 8.1.0 (and related notes indicate an incomplete fix extending to 8.1.1 per downstream advisories). ...

8.8CVSS9.2AI score0.01789EPSS
CVE
CVE
added 2021/06/02 3:13 p.m.217 views

CVE-2021-25287

Pillow CVE-2021-25287 affects the Python Pillow library prior to 8.2.0, with an out-of-bounds read in J2kDecode (function: j2ku_graya_la). The related CVE-2021-25288 affects J2kDecode in j2ku_gray_i. Public advisories and CNVD entries corroborate the out-of-bounds read in these JPEG 2000 decoding...

9.1CVSS8.9AI score0.02876EPSS
CVE
CVE
added 2021/06/02 3:18 p.m.214 views

CVE-2021-28677

CVE-2021-28677 affects Pillow before 8.2.0. The EPSImageFile.readline implementation mishandles line endings (combination of \r and \n) using a quadratic accumulation method, enabling a DoS during the open phase before an image is opened. Connected sources reference Pillow’s fix in 8.2.0 and note...

7.5CVSS8.1AI score0.02293EPSS
CVE
CVE
added 2021/06/02 12:0 a.m.213 views

CVE-2021-28676

CVE-2021-28676 affects Pillow prior to 8.2.0. The flaw is in FLI data handling where FliDecode did not properly check that the block advance is non-zero, which can lead to an infinite loop while loading. This is documented across multiple sources (e.g., Pillow release notes, advisories) as a load...

7.5CVSS8.1AI score0.02453EPSS
CVE
CVE
added 2021/06/02 3:13 p.m.206 views

CVE-2021-25288

Pillow CVE-2021-25288 is an out-of-bounds read vulnerability in the J2kDecode path (j2ku_gray_i) affecting Pillow before 8.2.0. Multiple sources confirm the flaw; remediation is to upgrade to Pillow 8.2.0 or later. Exploitation details are not provided in the supplied documents.

9.1CVSS8.9AI score0.02876EPSS
CVE
CVE
added 2021/06/02 2:29 p.m.194 views

CVE-2021-28675

The CVE-2021-28675 issue affects Pillow (before 8.2.0). PSDImagePlugin.PsdImageFile does not perform a sanity check on the number of input layers relative to the data block size, enabling a potential Denial of Service when opening images with Image.open (prior to Image.load). Connected documents ...

5.5CVSS6.8AI score0.0096EPSS
CVE
CVE
added 2021/06/02 3:16 p.m.188 views

CVE-2021-28678

CVE-2021-28678 affects Pillow prior to 8.2.0, where the BlpImagePlugin for BLP data failed to properly validate reads after seeking to file offsets. This can allow a denial-of-service by repeatedly decoding on empty data. Root cause: insufficient checks on data returned by reads in BlpImagePlugin...

5.5CVSS6.8AI score0.00732EPSS