Search CVE reports

Toggle filters

31 – 40 of 65 results

CVE-2021-25291

Medium priority

Some fixes available 2 of 3

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

3 affected packages

pillow, python-imaging, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Not affected Fixed Not affected
python-imaging Not in release Not in release Not in release Not in release Not in release
pillow-python2 Not in release Not in release Not in release Ignored Not in release
Show less packages

CVE-2021-25290

Medium priority

Some fixes available 5 of 6

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

3 affected packages

pillow-python2, python-imaging, pillow

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
pillow Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2021-252893

Medium priority
Needs evaluation

There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release
python-imaging Not in release Not in release
Show less packages

CVE-2021-252892

Medium priority
Needs evaluation

The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release
python-imaging Not in release Not in release
Show less packages

CVE-2021-252891

Medium priority
Needs evaluation

In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release
python-imaging Not in release Not in release
Show less packages

CVE-2021-252890

Medium priority
Needs evaluation

In TiffDecode.c, there is a negative-offset memcpy with an invalid size

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release
python-imaging Not in release Not in release
Show less packages

CVE-2021-25289

Medium priority

Some fixes available 2 of 3

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because...

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Not affected Fixed Not affected
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35655

Medium priority

Some fixes available 3 of 4

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Not affected Fixed Fixed
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35654

Medium priority

Some fixes available 2 of 3

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Not affected Fixed Not affected
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35653

Medium priority

Some fixes available 5 of 6

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Not affected Fixed Fixed
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages
  1. Previous page
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. Next page
Export to JSON