RSS   Vulnerabilities for 'Pillow'   RSS

2022-03-28
 
CVE-2022-24303

NVD-CWE-noinfo
 

 
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

 
2021-09-03
 
CVE-2021-23437

CWE-125
 

 
The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

 
2021-07-13
 
CVE-2021-34552

CWE-120
 

 
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

 
2021-06-02
 
CVE-2021-25287

CWE-125
 

 
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

 
 
CVE-2021-25288

CWE-125
 

 
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.

 
 
CVE-2021-28676

CWE-835
 

 
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.

 
 
CVE-2021-28677

NVD-CWE-noinfo
 

 
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.

 
2021-03-19
 
CVE-2021-25293

CWE-125
 

 
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

 
 
CVE-2021-25292

NVD-CWE-Other
 

 
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

 
 
CVE-2021-25291

CWE-125
 

 
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

 


Copyright 2024, cxsecurity.com

 

Back to Top