Page 6 of 49 results (0.006 seconds)

CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-10177 – python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c

https://notcve.org/view.php?id=CVE-2020-10177

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. Pillow versiones anteriores a 7.1.0, presenta múltiples lecturas fuera de límites en la biblioteca libImaging/FliDecode.c A flaw was found in python-pillow. Multiple out-of-bounds reads occur in libImaging/FliDecode.c. • https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4503 https://github.com/python-pillow/Pillow/pull/4538 https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en • CWE-125: Out-of-bounds Read •

CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0

CVE-2020-11538 – python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2

https://notcve.org/view.php?id=CVE-2020-11538

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. En la biblioteca libImaging/SgiRleDecode.c en Pillow versiones hasta 7.0.0, se presentan múltiples lecturas fuera de límites en el análisis de archivos de imagen SGI, un problema diferente de CVE-2020-5311 An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/python-pillow/Pillow/pull/4504 https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html https://pillow.readthedocs.io/en/stable/releasenotes/index.html https://usn.ubuntu.com/4430-1 https:&#x • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-10994 – python-pillow: multiple out-of-bounds reads via a crafted JP2 file

https://notcve.org/view.php?id=CVE-2020-10994

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. En la biblioteca libImaging/Jpeg2KDecode.c en Pillow versiones anteriores a 7.1.0, se presentan múltiples lecturas fuera de límites por medio de un archivo JP2 diseñado An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read data. The highest threat from this vulnerability is to confidentiality. • https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4505 https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes https://pillow.readthedocs.io/en/stable/releasenotes/ • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2020-10379 – python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()

https://notcve.org/view.php?id=CVE-2020-10379

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. En Pillow versiones anteriores a 7.1.0, se presentan dos Desbordamientos de Búfer en la biblioteca libImaging/TiffDecode.c • https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes/7.1&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-10378 – python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files

https://notcve.org/view.php?id=CVE-2020-10378

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. En la biblioteca libImaging/PcxDecode.c en Pillow versiones anteriores a 7.1.0, puede ocurrir una lectura fuera de límites cuando se leen archivos PCX donde state->shuffle es instruido para que lea más allá de state->buffer A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state->shuffle is instructed to read beyond state->buffer. • https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac https://github.com/python-pillow/Pillow/commits/master/src/libImaging https://github.com/python-pillow/Pillow/pull/4538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427 https://pillow.readthedocs.io/en/stable/releasenotes/7.1&# • CWE-125: Out-of-bounds Read •