CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25293 – python-pillow: Out-of-bounds read in SGI RLE image reader
https://notcve.org/view.php?id=CVE-2021-25293
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. Se detectó un problema en Pillow versiones anteriores a 8.1.1. Se presenta una lectura fuera de límites en el archivo SGIRleDecode.c A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c. • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-25293 https://bugzilla.redhat.com/show_bug.cgi?id=1934705 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27921 – python-pillow: Excessive memory allocation in BLP image reader
https://notcve.org/view.php?id=CVE-2021-27921
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. Pillow versiones anteriores a 8.1.1, permite a atacantes causar una denegación de servicio (consumo de memoria) porque el tamaño informado de una imagen contenida no es comprobado apropiadamente para un contenedor BLP y, por lo tanto, un intento de asignación de memoria puede ser muy grande A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-27921 h • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27922 – python-pillow: Excessive memory allocation in ICNS image reader
https://notcve.org/view.php?id=CVE-2021-27922
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. Pillow versiones anteriores a 8.1.1, permite a atacantes causar una denegación de servicio (consumo de la memoria) porque el tamaño reportado de una imagen contenida no es comprobado apropiadamente para un contenedor ICNS y, por lo tanto, un intento de asignación de la memoria puede ser muy grande A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-27922 h • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27923 – python-pillow: Excessive memory allocation in ICO image reader
https://notcve.org/view.php?id=CVE-2021-27923
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. Pillow versiones anteriores a 8.1.1, permite a atacantes causar una denegación de servicio (consumo de la memoria) porque el tamaño reportado de una imagen contenida no es comprobado apropiadamente para un contenedor ICO y, por lo tanto, un intento de asignación de memoria puede ser muy grande A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33 https://access.redhat.com/security/cve/CVE-2021-27923 h • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35653 – python-pillow: Buffer over-read in PCX image reader
https://notcve.org/view.php?id=CVE-2020-35653
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. En Pillow versiones anteriores a 8.1.0, la función PcxDecode presenta una lectura excesiva del búfer cuando se decodifica un archivo PCX diseñado porque el valor de paso suministrado por el usuario es confiable para los cálculos del búfer A flaw was found in python-pillow. The PcxDecode in Pillow has a buffer over-read when decoding a crafted PCX file due to the user-supplied stride value trusted for buffer calculations. The highest threat from this vulnerability is to system availability. • https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD https://pillow.readthedocs.io/en/stable/releasenotes/index.html https://access.redhat.com/security/cve/CVE-2020-35653 https://bugzilla.redhat.com/show_bug.cgi?id=1915420 • CWE-125: Out-of-bounds Read •