19 matches found
CVE-2021-34552
Pillow (Python Imaging Library) vulnerability CVE-2021-34552: Buffer overflow in Convert.c when passing controlled parameters to convert(), affecting Pillow <= 8.2.0 and PIL
CVE-2021-25290
Pillow up to version 8.1.1 contains a vulnerability in the TIFF image reader: a negative-offset memcpy with an invalid size in TiffDecode.c. This can lead to memory corruption. The issue is documented as CVE-2021-25290 and is referenced in multiple advisories (e.g., Debian, AlmaLinux, Amazon Linu...
CVE-2020-35653
CVE-2020-35653 affects Pillow up to version 8.0.x, where the PCX decoder (PcxDecode) may trigger a buffer over-read when processing a crafted PCX file because the user-supplied stride is trusted for buffer calculations. The issue is documented across multiple adapters (e.g., Debian, Arch, AlmaLin...
CVE-2021-27922
Pillow vulnerability CVE-2021-27922: Pillow before 8.1.2 can trigger excessive memory allocation when processing ICNS containers because the reported image size isn’t properly checked. This memory DoS is the explicit impact described in multiple sources (e.g., Astra Linux advisory referencing Pil...
CVE-2021-25293
The CVE-2021-25293 issue is in Pillow prior to 8.1.1, caused by an out-of-bounds read in SGIRleDecode.c. Affected: Pillow up to version 8.1.1. Impact: information about the exact impact is described in the CVE entry; the connected documents confirm the vulnerability. Remediation: upgrade Pillow t...
CVE-2021-25292
Pillow (Python Imaging Library fork) prior to 8.1.1 is affected by a vulnerability in its PDF format parser that allows a regular expression DoS (ReDoS) via a crafted PDF file due to a catastrophic backtracking regex. This can impact availability as indicated by the CVSS vector in the CVE entry, ...
CVE-2021-25291
Pillow before 8.1.1 is affected by an out-of-bounds read in TiffDecode.c (TiffreadRGBATile) due to invalid tile boundaries. Root cause: boundary handling in TiffreadRGBATile as reported for CVE-2021-25291. According to linked advisories and release notes, remediation is to upgrade to Pillow 8.1.1...
CVE-2021-27921
CVE-2021-27921 concerns Pillow (Python Imaging Library). Affected: Pillow up to 8.1.1/8.1.2 before 8.1.2. Issue: memory-allocating DoS due to the reported size of a contained image not being properly checked for BLP containers, allowing a very large allocation. Impact: potential denial of service...
CVE-2021-27923
CVE-2021-27923 affects Pillow up to 8.1.1. It causes a denial-of-service via memory exhaustion because the reported size of a contained image is not properly checked for an ICO container, potentially triggering a very large memory allocation. Root cause: inadequate validation of ICO container ima...
CVE-2021-23437
CVE-2021-23437 affects Pillow (Python Imaging Library): the getrgb function is vulnerable to a regular expression denial-of-service (ReDoS). Affected versions include 5.2.0 and earlier than 8.3.2. The issue can cause partial availability impact. The CVSS base score is 7.5 (HIGH) per NVD. Remediat...
CVE-2020-35655
Pillow (before 8.1.0) contains a vulnerability in SGIRleDecode: a 4‑byte buffer over-read while decoding crafted SGI RLE images caused by mishandled offsets and length tables.
CVE-2021-25289
CVE-2021-25289 affects Pillow before 8.1.1. The issue is a heap-based buffer overflow in TiffDecode when decoding crafted YCbCr files, triggered by interpretation conflicts with LibTIFF in RGBA mode. This stems from an incomplete fix for CVE-2020-35654. The CVE is documented with high severity (C...
CVE-2020-35654
Pillow CVE-2020-35654 affects TiffDecode: heap-based buffer overflow when decoding crafted YCbCr files due to interpretation conflicts with LibTIFF in RGBA mode. Affected versions are Pillow before 8.1.0 (and related notes indicate an incomplete fix extending to 8.1.1 per downstream advisories). ...
CVE-2021-25287
Pillow CVE-2021-25287 affects the Python Pillow library prior to 8.2.0, with an out-of-bounds read in J2kDecode (function: j2ku_graya_la). The related CVE-2021-25288 affects J2kDecode in j2ku_gray_i. Public advisories and CNVD entries corroborate the out-of-bounds read in these JPEG 2000 decoding...
CVE-2021-28677
CVE-2021-28677 affects Pillow before 8.2.0. The EPSImageFile.readline implementation mishandles line endings (combination of \r and \n) using a quadratic accumulation method, enabling a DoS during the open phase before an image is opened. Connected sources reference Pillow’s fix in 8.2.0 and note...
CVE-2021-28676
CVE-2021-28676 affects Pillow prior to 8.2.0. The flaw is in FLI data handling where FliDecode did not properly check that the block advance is non-zero, which can lead to an infinite loop while loading. This is documented across multiple sources (e.g., Pillow release notes, advisories) as a load...
CVE-2021-25288
Pillow CVE-2021-25288 is an out-of-bounds read vulnerability in the J2kDecode path (j2ku_gray_i) affecting Pillow before 8.2.0. Multiple sources confirm the flaw; remediation is to upgrade to Pillow 8.2.0 or later. Exploitation details are not provided in the supplied documents.
CVE-2021-28675
The CVE-2021-28675 issue affects Pillow (before 8.2.0). PSDImagePlugin.PsdImageFile does not perform a sanity check on the number of input layers relative to the data block size, enabling a potential Denial of Service when opening images with Image.open (prior to Image.load). Connected documents ...
CVE-2021-28678
CVE-2021-28678 affects Pillow prior to 8.2.0, where the BlpImagePlugin for BLP data failed to properly validate reads after seeking to file offsets. This can allow a denial-of-service by repeatedly decoding on empty data. Root cause: insufficient checks on data returned by reads in BlpImagePlugin...