CVE-2016-2533
https://notcve.org/view.php?id=CVE-2016-2533
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

• http://www.debian.org/security/2016/dsa-3499
• http://www.openwall.com/lists/oss-security/2016/02/02/5
• http://www.openwall.com/lists/oss-security/2016/02/22/2
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
• https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
• https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-0740
https://notcve.org/view.php?id=CVE-2016-0740
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

• http://www.debian.org/security/2016/dsa-3499
• https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
• https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
• https://security.gentoo.org/glsa/201612-52
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-3598
https://notcve.org/view.php?id=CVE-2014-3598
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

• http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
• https://pypi.python.org/pypi/Pillow/2.5.3
• CWE-399: Resource Management Errors

CVE-2014-9601
https://notcve.org/view.php?id=CVE-2014-9601
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html
• http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
• http://pillow.readthedocs.org/releasenotes/2.7.0.html
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• http://www.securityfocus.com/bid/77758
• https://github.com/python-pillow/Pillow/pull/1060
• https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release
• CWE-20: Improper Input Validation

CVE-2014-3589
https://notcve.org/view.php?id=CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

• http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
• http://secunia.com/advisories/59825
• http://www.debian.org/security/2014/dsa-3009
• https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
• https://pypi.python.org/pypi/Pillow/2.3.2
• https://pypi.python.org/pypi/Pillow/2.5.2
• CWE-20: Improper Input Validation