CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25291 – python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c
https://notcve.org/view.php?id=CVE-2021-25291
12 Mar 2021 — An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. Se detectó un problema en Pillow versiones anteriores a 8.1.1. En el archivo TiffDecode.c, se presenta una lectura fuera de límites en la función TiffreadRGBATile por medio de límites de mosaico no válidos A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25292 – python-pillow: Regular expression DoS in PDF format parser
https://notcve.org/view.php?id=CVE-2021-25292
12 Mar 2021 — An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. Se detectó un problema en Pillow versiones anteriores a 8.1.1. El analizador de PDF permite un ataque DoS (ReDoS) de expresión regular por medio de un archivo PDF diseñado debido a una regex de retroceso catastrófica A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a... • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html • CWE-20: Improper Input Validation CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25293 – python-pillow: Out-of-bounds read in SGI RLE image reader
https://notcve.org/view.php?id=CVE-2021-25293
12 Mar 2021 — An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. Se detectó un problema en Pillow versiones anteriores a 8.1.1. Se presenta una lectura fuera de límites en el archivo SGIRleDecode.c A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25289 – python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c
https://notcve.org/view.php?id=CVE-2021-25289
12 Mar 2021 — An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. Se detectó un problema en Pillow versiones anteriores a 8.1.1. La función TiffDecode presenta un desbordamiento de búfer en la región heap de la memoria cuando se decodifican archivos YCbCr diseñados debido a determinados conflictos de i... • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27921 – python-pillow: Excessive memory allocation in BLP image reader
https://notcve.org/view.php?id=CVE-2021-27921
03 Mar 2021 — Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. Pillow versiones anteriores a 8.1.1, permite a atacantes causar una denegación de servicio (consumo de memoria) porque el tamaño informado de una imagen contenida no es comprobado apropiadamente para un contenedor BLP y, por lo tanto, un intento de asignación de memoria pue... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27922 – python-pillow: Excessive memory allocation in ICNS image reader
https://notcve.org/view.php?id=CVE-2021-27922
03 Mar 2021 — Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. Pillow versiones anteriores a 8.1.1, permite a atacantes causar una denegación de servicio (consumo de la memoria) porque el tamaño reportado de una imagen contenida no es comprobado apropiadamente para un contenedor ICNS y, por lo tanto, un intento de asignación de la me... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27923 – python-pillow: Excessive memory allocation in ICO image reader
https://notcve.org/view.php?id=CVE-2021-27923
03 Mar 2021 — Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. Pillow versiones anteriores a 8.1.1, permite a atacantes causar una denegación de servicio (consumo de la memoria) porque el tamaño reportado de una imagen contenida no es comprobado apropiadamente para un contenedor ICO y, por lo tanto, un intento de asignación de memoria... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 1CVE-2021-23336 – Web Cache Poisoning
https://notcve.org/view.php?id=CVE-2021-23336
15 Feb 2021 — The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious ... • http://www.openwall.com/lists/oss-security/2021/02/19/4 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 1CVE-2021-3177 – python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
https://notcve.org/view.php?id=CVE-2021-3177
19 Jan 2021 — Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. Python versiones 3.x hasta 3.9.1, presenta un desbordamiento de búfer en la función PyCArg_repr en el archivo _ctypes/callproc.c, que puede conllevar a una ejecución de código remota en determina... • https://bugs.python.org/issue42938 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35653 – python-pillow: Buffer over-read in PCX image reader
https://notcve.org/view.php?id=CVE-2020-35653
11 Jan 2021 — In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. En Pillow versiones anteriores a 8.1.0, la función PcxDecode presenta una lectura excesiva del búfer cuando se decodifica un archivo PCX diseñado porque el valor de paso suministrado por el usuario es confiable para los cálculos del búfer A flaw was found in python-pillow. The PcxDecode in Pillow has a buffer over-read when decoding a crafted PC... • https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html • CWE-125: Out-of-bounds Read •