CVE-2016-0775 – Gentoo Linux Security Advisory 201612-52
https://notcve.org/view.php?id=CVE-2016-0775
29 Feb 2016 — Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which m... • http://www.debian.org/security/2016/dsa-3499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-2533 – Gentoo Linux Security Advisory 201612-52
https://notcve.org/view.php?id=CVE-2016-2533
29 Feb 2016 — Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. • http://www.debian.org/security/2016/dsa-3499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-3598
https://notcve.org/view.php?id=CVE-2014-3598
01 May 2015 — The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. • http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html • CWE-399: Resource Management Errors

CVE-2014-9601 – Ubuntu Security Notice USN-3229-1
https://notcve.org/view.php?id=CVE-2014-9601
16 Jan 2015 — Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and Eps... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html • CWE-20: Improper Input Validation

CVE-2014-3589 – Debian Security Advisory 3009-1
https://notcve.org/view.php?id=CVE-2014-3589
22 Aug 2014 — PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, ... • http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html • CWE-20: Improper Input Validation

CVE-2014-1932 – Mandriva Linux Security Advisory 2014-082
https://notcve.org/view.php?id=CVE-2014-1932
15 Apr 2014 — The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. • http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2014-1933 – Mandriva Linux Security Advisory 2014-082
https://notcve.org/view.php?id=CVE-2014-1933
15 Apr 2014 — The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. • http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls