CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27921 – python-pillow: Excessive memory allocation in BLP image reader
https://notcve.org/view.php?id=CVE-2021-27921
03 Mar 2021 — Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. Pillow versiones anteriores a 8.1.1, permite a atacantes causar una denegación de servicio (consumo de memoria) porque el tamaño informado de una imagen contenida no es comprobado apropiadamente para un contenedor BLP y, por lo tanto, un intento de asignación de memoria pue... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27922 – python-pillow: Excessive memory allocation in ICNS image reader
https://notcve.org/view.php?id=CVE-2021-27922
03 Mar 2021 — Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. Pillow versiones anteriores a 8.1.1, permite a atacantes causar una denegación de servicio (consumo de la memoria) porque el tamaño reportado de una imagen contenida no es comprobado apropiadamente para un contenedor ICNS y, por lo tanto, un intento de asignación de la me... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27923 – python-pillow: Excessive memory allocation in ICO image reader
https://notcve.org/view.php?id=CVE-2021-27923
03 Mar 2021 — Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. Pillow versiones anteriores a 8.1.1, permite a atacantes causar una denegación de servicio (consumo de la memoria) porque el tamaño reportado de una imagen contenida no es comprobado apropiadamente para un contenedor ICO y, por lo tanto, un intento de asignación de memoria... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35653 – python-pillow: Buffer over-read in PCX image reader
https://notcve.org/view.php?id=CVE-2020-35653
11 Jan 2021 — In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. En Pillow versiones anteriores a 8.1.0, la función PcxDecode presenta una lectura excesiva del búfer cuando se decodifica un archivo PCX diseñado porque el valor de paso suministrado por el usuario es confiable para los cálculos del búfer A flaw was found in python-pillow. The PcxDecode in Pillow has a buffer over-read when decoding a crafted PC... • https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35654 – python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-35654
11 Jan 2021 — In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. En Pillow versiones anteriores a 8.1.0, la función TiffDecode presenta un desbordamiento del búfer en la región heap de la memoria cuando se decodifican archivos YCbCr diseñados debido a determinados conflictos de interpretación con LibTIFF en modo RGBA A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when d... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2020-10177 – python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c
https://notcve.org/view.php?id=CVE-2020-10177
25 Jun 2020 — Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. Pillow versiones anteriores a 7.1.0, presenta múltiples lecturas fuera de límites en la biblioteca libImaging/FliDecode.c A flaw was found in python-pillow. Multiple out-of-bounds reads occur in libImaging/FliDecode.c. USN-4697-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM. • https://github.com/python-pillow/Pillow/commits/master/src/libImaging • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0CVE-2020-11538 – python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2
https://notcve.org/view.php?id=CVE-2020-11538
25 Jun 2020 — In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. En la biblioteca libImaging/SgiRleDecode.c en Pillow versiones hasta 7.0.0, se presentan múltiples lecturas fuera de límites en el análisis de archivos de imagen SGI, un problema diferente de CVE-2020-5311 An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to... • https://github.com/python-pillow/Pillow/pull/4504 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10994 – python-pillow: multiple out-of-bounds reads via a crafted JP2 file
https://notcve.org/view.php?id=CVE-2020-10994
25 Jun 2020 — In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. En la biblioteca libImaging/Jpeg2KDecode.c en Pillow versiones anteriores a 7.1.0, se presentan múltiples lecturas fuera de límites por medio de un archivo JP2 diseñado An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read dat... • https://github.com/python-pillow/Pillow/commits/master/src/libImaging • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-10379 – python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()
https://notcve.org/view.php?id=CVE-2020-10379
25 Jun 2020 — In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. En Pillow versiones anteriores a 7.1.0, se presentan dos Desbordamientos de Búfer en la biblioteca libImaging/TiffDecode.c Quay 3.4.0 release. Issues addressed include HTTP request smuggling, buffer overflow, information leakage, integer overflow, out of bounds read, and out of bounds write vulnerabilities. • https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2020-10378 – python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files
https://notcve.org/view.php?id=CVE-2020-10378
25 Jun 2020 — In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. En la biblioteca libImaging/PcxDecode.c en Pillow versiones anteriores a 7.1.0, puede ocurrir una lectura fuera de límites cuando se leen archivos PCX donde state->shuffle es instruido para que lea más allá de state->buffer A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX file... • https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac • CWE-125: Out-of-bounds Read •