CVE-2020-28591
https://notcve.org/view.php?id=CVE-2020-28591
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBEK4H23AS6TKTGU2OTMHAZZYNECQVCB
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCSYYURJTUKJSEZIPDAXK4NHRXZMHIVA
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJPM24DY36EH3HFJGAXDLGFT43VZWLJ7
• https://talosintelligence.com/vulnerability_reports/TALOS-2020-1215
• CWE-20: Improper Input Validation
• CWE-125: Out-of-bounds Read
CVE-2021-26813
https://notcve.org/view.php?id=CVE-2021-26813
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
• https://github.com/trentm/python-markdown2/pull/387
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY
• CWE-1333: Inefficient Regular Expression Complexity
CVE-2021-27921 – python-pillow: Excessive memory allocation in BLP image reader
https://notcve.org/view.php?id=CVE-2021-27921
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
• https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
• https://security.gentoo.org/glsa/202107-33
• https://access.redhat.com/security/cve/CVE-2021-27921
• CWE-20: Improper Input Validation
• CWE-400: Uncontrolled Resource Consumption
CVE-2021-27922 – python-pillow: Excessive memory allocation in ICNS image reader
https://notcve.org/view.php?id=CVE-2021-27922
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
• https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
• https://security.gentoo.org/glsa/202107-33
• https://access.redhat.com/security/cve/CVE-2021-27922
• CWE-20: Improper Input Validation
• CWE-400: Uncontrolled Resource Consumption
CVE-2021-27923 – python-pillow: Excessive memory allocation in ICO image reader
https://notcve.org/view.php?id=CVE-2021-27923
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
• https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
• https://security.gentoo.org/glsa/202107-33
• https://access.redhat.com/security/cve/CVE-2021-27923
• CWE-20: Improper Input Validation
• CWE-400: Uncontrolled Resource Consumption