CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-5188 – e2fsprogs: Out-of-bounds write in e2fsck/rehash.c
https://notcve.org/view.php?id=CVE-2019-5188
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Existe una vulnerabilidad de ejecución de código en la funcionalidad directory rehashing de E2fsprogs e2fsck versión 1.45.4. Un directorio ext4 especialmente diseñado puede causar una escritura fuera de límites en la pila, resultando en una ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY https://security.netapp.com/advisory/ntap-20220506-0001 https://ta • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-19911 – python-pillow: uncontrolled resource consumption in FpxImagePlugin.py
https://notcve.org/view.php?id=CVE-2019-19911
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. Hay una vulnerabilidad DoS en Pillow versiones anteriores a la versión 6.2.2, causada por el archivo FpxImagePlugin.py llamando a la función range en un entero de 32 bits sin validar si el número de bandas es grande. En Windows ejecutando Python de 32 bits, esto resulta en un OverflowError o MemoryError debido al límite de 2 GB. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://usn.ubuntu.com/4272-1 https://www.debian.org/security/2020/dsa-4631 https://access.redhat.com/security/cve/CVE-2019-19911 https://bugzilla.redhat.com/show_bug.cgi?id=1789540 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-5310 – python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode
https://notcve.org/view.php?id=CVE-2020-5310
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. El archivo libImaging/TiffDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de enteros de la decodificación TIFF, relacionado con realloc. • https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://usn.ubuntu.com/4272-1 https://access.redhat.com/security/cve/CVE-2020-5310 https://bugzilla.redhat.com/show_bug.cgi?id& • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2020-5312 – python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c
https://notcve.org/view.php?id=CVE-2020-5312
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. El archivo libImaging/PcxDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer en modo PCX P. A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system. • https://access.redhat.com/errata/RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0578 https://access.redhat.com/errata/RHSA-2020:0580 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://access.redhat.com/errata/RHSA-2020:0694 https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-5313 – python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images
https://notcve.org/view.php?id=CVE-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. El archivo libImaging/FliDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer de FLI. An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read. • https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://usn.ubuntu.com/4272-1 https://www.debian.org/security/2020/dsa-4631 https://access.redhat.com/security/cve/CVE-2020-5 • CWE-125: Out-of-bounds Read •