
CVE-2016-9190 – Ubuntu Security Notice USN-3229-1
https://notcve.org/view.php?id=CVE-2016-9190
04 Nov 2016 — Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. It was discovere... • http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html • CWE-284: Improper Access Control

CVE-2016-4009 – Gentoo Linux Security Advisory 201612-52
https://notcve.org/view.php?id=CVE-2016-4009
13 Apr 2016 — Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. • http://www.securityfocus.com/bid/86064 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-0740 – Gentoo Linux Security Advisory 201612-52
https://notcve.org/view.php?id=CVE-2016-0740
29 Feb 2016 — Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of servi... • http://www.debian.org/security/2016/dsa-3499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-0775 – Gentoo Linux Security Advisory 201612-52
https://notcve.org/view.php?id=CVE-2016-0775
29 Feb 2016 — Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which m... • http://www.debian.org/security/2016/dsa-3499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-2533 – Gentoo Linux Security Advisory 201612-52
https://notcve.org/view.php?id=CVE-2016-2533
29 Feb 2016 — Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. • http://www.debian.org/security/2016/dsa-3499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-3598
https://notcve.org/view.php?id=CVE-2014-3598
01 May 2015 — The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. • http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html • CWE-399: Resource Management Errors

CVE-2014-9601 – Ubuntu Security Notice USN-3229-1
https://notcve.org/view.php?id=CVE-2014-9601
16 Jan 2015 — Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and Eps... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html • CWE-20: Improper Input Validation

CVE-2014-3589 – Debian Security Advisory 3009-1
https://notcve.org/view.php?id=CVE-2014-3589
22 Aug 2014 — PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, ... • http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html • CWE-20: Improper Input Validation

CVE-2014-3007 – Mandriva Linux Security Advisory 2015-099
https://notcve.org/view.php?id=CVE-2014-3007
27 Apr 2014 — Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. Jakub Wilk discovered that tempora... • http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2014-1932 – Mandriva Linux Security Advisory 2014-082
https://notcve.org/view.php?id=CVE-2014-1932
15 Apr 2014 — The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. • http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')