CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25289 – python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c
https://notcve.org/view.php?id=CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. Se detectó un problema en Pillow versiones anteriores a 8.1.1. La función TiffDecode presenta un desbordamiento de búfer en la región heap de la memoria cuando se decodifican archivos YCbCr diseñados debido a determinados conflictos de interpretación con LibTIFF en el modo RGBA. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25289 https://bugzilla.redhat.com/show_bug.cgi?id=1934680 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25290 – python-pillow: Negative-offset memcpy in TIFF image reader
https://notcve.org/view.php?id=CVE-2021-25290
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. Se detectó un problema en Pillow versiones anteriores a 8.1.1. En el archivo TiffDecode.c, se presenta una memoria de desplazamiento negativo con un tamaño no válido A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash. • https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25290 https://bugzilla.redhat.com/show_bug.cgi?id=1934685 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25291 – python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c
https://notcve.org/view.php?id=CVE-2021-25291
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. Se detectó un problema en Pillow versiones anteriores a 8.1.1. En el archivo TiffDecode.c, se presenta una lectura fuera de límites en la función TiffreadRGBATile por medio de límites de mosaico no válidos A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25291 https://bugzilla.redhat.com/show_bug.cgi?id=1934692 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25292 – python-pillow: Regular expression DoS in PDF format parser
https://notcve.org/view.php?id=CVE-2021-25292
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. Se detectó un problema en Pillow versiones anteriores a 8.1.1. El analizador de PDF permite un ataque DoS (ReDoS) de expresión regular por medio de un archivo PDF diseñado debido a una regex de retroceso catastrófica A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25292 https://bugzilla.redhat.com/show_bug.cgi?id=1934699 • CWE-20: Improper Input Validation CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25293 – python-pillow: Out-of-bounds read in SGI RLE image reader
https://notcve.org/view.php?id=CVE-2021-25293
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. Se detectó un problema en Pillow versiones anteriores a 8.1.1. Se presenta una lectura fuera de límites en el archivo SGIRleDecode.c A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25293 https://bugzilla.redhat.com/show_bug.cgi?id=1934705 • CWE-125: Out-of-bounds Read •