CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2019-16865 – python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service
https://notcve.org/view.php?id=CVE-2019-16865
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. Se detectó un problema en Pillow versiones anteriores a 6.2.0. Cuando se leen archivos de imagen no válidos especialmente diseñados, la biblioteca puede ya sea asignar cantidades muy grandes de memoria o tomar un período de tiempo extremadamente largo para procesar la imagen. A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a long time while processing specially crafted image files, possibly causing a denial of service. • https://access.redhat.com/errata/RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0578 https://access.redhat.com/errata/RHSA-2020:0580 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://access.redhat.com/errata/RHSA-2020:0694 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9189
https://notcve.org/view.php?id=CVE-2016-9189
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. Pillow en versiones anteriores a 3.3.2 permite a atacantes dependientes de contexto obtener información sensible utilizando la aproximación "archivo de imagen manipulado", relacionado con un problema "Integer Overflow" que afecta a Image.core.map_buffer en el componente map.c. • http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html http://www.debian.org/security/2016/dsa-3710 http://www.securityfocus.com/bid/94234 https://github.com/python-pillow/Pillow/issues/2105 https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f https://security.gentoo.org/glsa/201612-52 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9190
https://notcve.org/view.php?id=CVE-2016-9190
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. Pillow en versiones anteriores a 3.3.2 permite a atacantes dependientes de contexto ejecutar código arbitrario utilizando la aproximación "archivo de imagen manipulado", relacionado con un problema "Insecure Sign Extension" que afecta a ImagingNew en el componente Storage.c. • http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html http://www.debian.org/security/2016/dsa-3710 http://www.securityfocus.com/bid/94234 https://github.com/python-pillow/Pillow/issues/2105 https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af https://security.gentoo.org/glsa/201612-52 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-4009
https://notcve.org/view.php?id=CVE-2016-4009
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función ImagengResampleHorizontal en libImaging/Resample.c en Pillow en versiones anteriores a 3.1.1 permite a atacantes remotos tener un impacto no especificado a través de valores negativos del tamaño nuevo, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. • http://www.securityfocus.com/bid/86064 https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e https://github.com/python-pillow/Pillow/pull/1714 https://security.gentoo.org/glsa/201612-52 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0740
https://notcve.org/view.php?id=CVE-2016-0740
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. Desbordamiento de buffer en la función ImagengLibTiffDecode en libImageng/TiffDecode.c en Pillow en versiones anteriores a 3.1.1 permite a atacantes remotos sobrescribir memoria a través de un archivo TIFF manipulado. • http://www.debian.org/security/2016/dsa-3499 https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e https://security.gentoo.org/glsa/201612-52 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •