CVE-2021-28677 – python-pillow: Excessive CPU use in EPS image reader
https://notcve.org/view.php?id=CVE-2021-28677
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. Se ha detectado un problema en Pillow versiones anteriores a 8.2.0,. • https://github.com/python-pillow/Pillow/pull/5377 https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-28677 https://bugzilla.redhat.com/show_bug.cgi?id=1958257 • CWE-20: Improper Input Validation •
CVE-2021-25292 – python-pillow: Regular expression DoS in PDF format parser
https://notcve.org/view.php?id=CVE-2021-25292
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. Se detectó un problema en Pillow versiones anteriores a 8.1.1. El analizador de PDF permite un ataque DoS (ReDoS) de expresión regular por medio de un archivo PDF diseñado debido a una regex de retroceso catastrófica A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25292 https://bugzilla.redhat.com/show_bug.cgi?id=1934699 • CWE-20: Improper Input Validation CWE-1333: Inefficient Regular Expression Complexity •
CVE-2021-25289 – python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c
https://notcve.org/view.php?id=CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. Se detectó un problema en Pillow versiones anteriores a 8.1.1. La función TiffDecode presenta un desbordamiento de búfer en la región heap de la memoria cuando se decodifican archivos YCbCr diseñados debido a determinados conflictos de interpretación con LibTIFF en el modo RGBA. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25289 https://bugzilla.redhat.com/show_bug.cgi?id=1934680 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2021-25291 – python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c
https://notcve.org/view.php?id=CVE-2021-25291
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. Se detectó un problema en Pillow versiones anteriores a 8.1.1. En el archivo TiffDecode.c, se presenta una lectura fuera de límites en la función TiffreadRGBATile por medio de límites de mosaico no válidos A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25291 https://bugzilla.redhat.com/show_bug.cgi?id=1934692 • CWE-125: Out-of-bounds Read •
CVE-2021-25290 – python-pillow: Negative-offset memcpy in TIFF image reader
https://notcve.org/view.php?id=CVE-2021-25290
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. Se detectó un problema en Pillow versiones anteriores a 8.1.1. En el archivo TiffDecode.c, se presenta una memoria de desplazamiento negativo con un tamaño no válido A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash. • https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25290 https://bugzilla.redhat.com/show_bug.cgi?id=1934685 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •