AVG-1439 log

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly...

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly...

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly...

A security issue was found in python-pillow before version 8.1.1. There is an out of bounds read in SGIRleDecode.c, since pillow 4.3.0.

A security issue was found in python-pillow before version 8.1.1. The PDF parser has a catastrophic backtracking regex that could be used in a denial of...

A security issue was found in python-pillow before version 8.1.1. In TiffDecode.c, invalid tile boundaries could lead to an out of bounds read in TiffReadRGBATile.

A security issue was found in python-pillow before version 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

A security issue was found in python-pillow before version 8.1.1. The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in...

In python-pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over- read when decoding crafted SGI RLE image files because offsets and length tables are...

In python-pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...

In python-pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for...

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security

python-pillow 7.0.0 dropped support for the end of life Python 2.7, so these issues are unlikely to be fixed in this legacy version of python-pillow, which is retained only for compatibility reasons.