CVSS: 6.5EPSS: 7%CPEs: 4EXPL: 0CVE-2016-2533
https://notcve.org/view.php?id=CVE-2016-2533
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. Desbordamiento de buffer en la función ImagengPcdDecode en PcdDecode.c en Pillow en versiones anteriores a 3.1.1 y Python Imageng Library (PIL) 1.1.7 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo PhotoCD manipulado. • http://www.debian.org/security/2016/dsa-3499 http://www.openwall.com/lists/oss-security/2016/02/02/5 http://www.openwall.com/lists/oss-security/2016/02/22/2 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3598
https://notcve.org/view.php?id=CVE-2014-3598
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. El plugin Jpeg2KImagePlugin en Pillow anterior a 2.5.3 permite a atacantes remotos causar una denegación de servicio a través de una imagen manipulada. • http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html https://pypi.python.org/pypi/Pillow/2.5.3 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0CVE-2014-9601
https://notcve.org/view.php?id=CVE-2014-9601
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. Pillow anterior a 2.7.0 permite a atacantes remotos causar una denegación de servicio a través de un fragmento de texto comprimido en una imagen PNG que tiene un tamaño grande cuando está descomprimido. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html http://pillow.readthedocs.org/releasenotes/2.7.0.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/77758 https://github.com/python-pillow/Pillow/pull/1060 https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 0CVE-2014-3589
https://notcve.org/view.php?id=CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. PIL/IcnsImagePlugin.py en Python Imaging Library (PIL) y Pillow anterior a 2.3.2 y 2.5.x anterior a 2.5.2 permite a atacantes remotos causar una denegación de servicio a través de un tamaño de bloque manipulado. • http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html http://secunia.com/advisories/59825 http://www.debian.org/security/2014/dsa-3009 https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d https://pypi.python.org/pypi/Pillow/2.3.2 https://pypi.python.org/pypi/Pillow/2.5.2 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3007
https://notcve.org/view.php?id=CVE-2014-3007
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. Python Image Library (PIL) 1.1.7 y anteriores y Pillow 2.3 podrían permitir a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en vectores no especificados relacionados con CVE-2014-1932, posiblemente JpegImagePlugin.py. • http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •