Lucene search
Veracode Vulnerability DatabaseVERACODE:28977HistoryJan 13, 2021 - 3:41 a.m.
Denial Of Service (DoS)
2021-01-1303:41:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.002 Low
EPSS
Percentile
52.3%
pillow is vulnerable to denial of service (DoS). The vulnerability exists through a buffer overread during the decoding of a PcxImageFile through the value of stride.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pillow | le | 8.0.1 | |
| py3-pillow:edge | eq | 6.2.2-r1 | |
| py3-pillow:edge | eq | 7.1.1-r0 | |
| py3-pillow:edge | eq | 7.1.2-r0 | |
| py3-pillow:edge | eq | 6.2.2-r0 |
References
github.com/advisories/GHSA-f5g8-5qq7-938w
github.com/python-pillow/Pillow/commit/0117694533895061f4fae517a720a6d860deab33
github.com/python-pillow/Pillow/pull/5174
lists.debian.org/debian-lts-announce/2021/07/msg00018.html
lists.fedoraproject.org/archives/list/[email protected]/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
lists.fedoraproject.org/archives/list/[email protected]/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
pillow.readthedocs.io/en/stable/releasenotes/index.html
Related
osv
osv
PYSEC-2021-69
2021-01-12 09:15:00
Pillow Out-of-bounds Read
2021-03-18 19:55:41
BIT-pillow-2020-35653
2024-03-06 11:06:36
prion
prion
Buffer overflow
2021-01-12 09:15:00
redhatcve
redhatcve
CVE-2020-35653
2021-01-12 16:20:06
alpinelinux
alpinelinux
CVE-2020-35653
2021-01-12 09:15:13
cvelist
cvelist
CVE-2020-35653
2021-01-12 08:02:35
nvd
nvd
CVE-2020-35653
2021-01-12 09:15:13
ubuntucve
ubuntucve
CVE-2020-35653
2021-01-12 00:00:00
github
github
Pillow Out-of-bounds Read
2021-03-18 19:55:41
cnvd
cnvd
Pillow Buffer Overflow Vulnerability (CNVD-2021-54038)
2021-01-14 00:00:00
cve
cve
CVE-2020-35653
2021-01-12 09:15:13
debiancve
debiancve
CVE-2020-35653
2021-01-12 09:15:13
openvas
openvas
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-1515)
2021-03-05 00:00:00
Ubuntu: Security Advisory (USN-4697-2)
2022-08-26 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-1702)
2021-03-24 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.6.6 : python-pillow (EulerOS-SA-2021-1515)
2021-03-04 00:00:00
EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-1702)
2021-03-24 00:00:00
ubuntu
ubuntu
Pillow vulnerabilities
2021-01-20 00:00:00
Pillow vulnerabilities
2021-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: python-pillow-7.0.0-5.fc32
2021-01-24 01:23:46
[SECURITY] Fedora 33 Update: mingw-python-pillow-7.2.0-3.fc33
2021-01-21 01:47:28
[SECURITY] Fedora 33 Update: python-pillow-7.2.0-3.fc33
2021-01-21 01:47:29
gentoo
gentoo
Pillow: Multiple vulnerabilities
2021-01-11 00:00:00
archlinux
archlinux
[ASA-202101-11] python-pillow: multiple issues
2021-01-12 00:00:00
debian
debian
[SECURITY] [DLA 2716-1] pillow security update
2021-07-22 11:17:53
amazon
amazon
Important: python-pillow
2023-06-05 16:39:00
suse
suse
Security update for python-CairoSVG, python-Pillow (moderate)
2021-08-10 00:00:00
redhat
redhat
(RHSA-2021:4149) Moderate: python-pillow security update
2021-11-09 08:24:34
rocky
rocky
python-pillow security update
2021-11-09 08:24:34
almalinux
almalinux
Moderate: python-pillow security update
2021-11-09 08:24:34
rosalinux
rosalinux
Advisory ROSA-SA-2021-1957
2021-07-02 18:03:40