CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10994 – python-pillow: multiple out-of-bounds reads via a crafted JP2 file
https://notcve.org/view.php?id=CVE-2020-10994
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. En la biblioteca libImaging/Jpeg2KDecode.c en Pillow versiones anteriores a 7.1.0, se presentan múltiples lecturas fuera de límites por medio de un archivo JP2 diseñado An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read data. The highest threat from this vulnerability is to confidentiality. • https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4505 https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes https://pillow.readthedocs.io/en/stable/releasenotes/ • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2020-10378 – python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files
https://notcve.org/view.php?id=CVE-2020-10378
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. En la biblioteca libImaging/PcxDecode.c en Pillow versiones anteriores a 7.1.0, puede ocurrir una lectura fuera de límites cuando se leen archivos PCX donde state->shuffle es instruido para que lea más allá de state->buffer A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state->shuffle is instructed to read beyond state->buffer. • https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes/7.1&# • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-12862
https://notcve.org/view.php?id=CVE-2020-12862
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-082 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-12863
https://notcve.org/view.php?id=CVE-2020-12863
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-083 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-12864
https://notcve.org/view.php?id=CVE-2020-12864
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. Una lectura fuera de límites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima leer información importante, tales como las compensaciones ASLR del programa, también se conoce como GHSL-2020-081 • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html https://securitylab.github.com/advisories/GHSL-2020-075-libsane https://usn.ubuntu.com/4470-1 • CWE-125: Out-of-bounds Read •