Page 8 of 38 results (0.009 seconds)

CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. El archivo libImaging/PcxDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer en modo PCX P. A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system. • https://access.redhat.com/errata/RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0578 https://access.redhat.com/errata/RHSA-2020:0580 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://access.redhat.com/errata/RHSA-2020:0694 https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. El archivo libImaging/FliDecode.c en Pillow versiones anteriores a la versión 6.2.2, tiene un desbordamiento de búfer de FLI. An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read. • https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html https://usn.ubuntu.com/4272-1 https://www.debian.org/security/2020/dsa-4631 https://access.redhat.com/security/cve/CVE-2020-5 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. Se detectó un problema en Pillow versiones anteriores a 6.2.0. Cuando se leen archivos de imagen no válidos especialmente diseñados, la biblioteca puede ya sea asignar cantidades muy grandes de memoria o tomar un período de tiempo extremadamente largo para procesar la imagen. A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a long time while processing specially crafted image files, possibly causing a denial of service. • https://access.redhat.com/errata/RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0578 https://access.redhat.com/errata/RHSA-2020:0580 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://access.redhat.com/errata/RHSA-2020:0694 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess • CWE-770: Allocation of Resources Without Limits or Throttling •