AVG-1635

Package: python-pillow
Status: Fixed
Severity: Medium
Type: multiple issues
Affected: 8.1.0-1
Fixed: 8.1.2-1
Current: 9.0.0-1 [community]
Ticket: FS#70044
Created: Wed Mar 3 10:43:53 2021

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-27923 | Low | No | Denial of service | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly... |
| CVE-2021-27922 | Low | No | Denial of service | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly... |
| CVE-2021-27921 | Low | No | Denial of service | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly... |
| CVE-2021-25293 | Medium | No | Information disclosure | A security issue was found in python-pillow before version 8.1.1. There is an out of bounds read in SGIRleDecode.c, since pillow 4.3.0. |
| CVE-2021-25292 | Low | No | Denial of service | A security issue was found in python-pillow before version 8.1.1. The PDF parser has a catastrophic backtracking regex that could be used in a denial of... |
| CVE-2021-25291 | Medium | No | Information disclosure | A security issue was found in python-pillow before version 8.1.1. In TiffDecode.c, invalid tile boundaries could lead to an out of bounds read in TiffReadRGBATile. |
| CVE-2021-25290 | Medium | No | Information disclosure | A security issue was found in python-pillow before version 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. |
| CVE-2021-25289 | Medium | No | Arbitrary code execution | A security issue was found in python-pillow before version 8.1.1. The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in... |