2 results (0.005 seconds)

CVSS: 6.5EPSS: 7%CPEs: 4EXPL: 0

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. Desbordamiento de buffer en la función ImagengPcdDecode en PcdDecode.c en Pillow en versiones anteriores a 3.1.1 y Python Imageng Library (PIL) 1.1.7 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo PhotoCD manipulado. • http://www.debian.org/security/2016/dsa-3499 http://www.openwall.com/lists/oss-security/2016/02/02/5 http://www.openwall.com/lists/oss-security/2016/02/22/2 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 0

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. PIL/IcnsImagePlugin.py en Python Imaging Library (PIL) y Pillow anterior a 2.3.2 y 2.5.x anterior a 2.5.2 permite a atacantes remotos causar una denegación de servicio a través de un tamaño de bloque manipulado. • http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html http://secunia.com/advisories/59825 http://www.debian.org/security/2014/dsa-3009 https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d https://pypi.python.org/pypi/Pillow/2.3.2 https://pypi.python.org/pypi/Pillow/2.5.2 • CWE-20: Improper Input Validation •