python-pillow

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Python Imaging Library (PIL) fork.
Version 8.4.0-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2366 8.3.1-1 8.3.2-1 Low Fixed
AVG-2150 8.2.0-2 8.3.0-1 Medium Fixed
AVG-1635 8.1.0-1 8.1.2-1 Medium Fixed FS#70044
AVG-1438 8.0.1-3 8.1.0-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-34552 AVG-2150 Medium Yes Arbitrary code execution
Pillow through 8.2.0 allows an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
CVE-2021-27923 AVG-1635 Low No Denial of service
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly...
CVE-2021-27922 AVG-1635 Low No Denial of service
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly...
CVE-2021-27921 AVG-1635 Low No Denial of service
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly...
CVE-2021-25293 AVG-1635 Medium No Information disclosure
A security issue was found in python-pillow before version 8.1.1. There is an out of bounds read in SGIRleDecode.c, since pillow 4.3.0.
CVE-2021-25292 AVG-1635 Low No Denial of service
A security issue was found in python-pillow before version 8.1.1. The PDF parser has a catastrophic backtracking regex that could be used in a denial of...
CVE-2021-25291 AVG-1635 Medium No Information disclosure
A security issue was found in python-pillow before version 8.1.1. In TiffDecode.c, invalid tile boundaries could lead to an out of bounds read in TiffReadRGBATile.
CVE-2021-25290 AVG-1635 Medium No Information disclosure
A security issue was found in python-pillow before version 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2021-25289 AVG-1635 Medium No Arbitrary code execution
A security issue was found in python-pillow before version 8.1.1. The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in...
CVE-2021-23437 AVG-2366 Low Yes Denial of service
The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
CVE-2020-35655 AVG-1438 Low No Denial of service
In python-pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over- read when decoding crafted SGI RLE image files because offsets and length tables are...
CVE-2020-35654 AVG-1438 Medium No Arbitrary code execution
In python-pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...
CVE-2020-35653 AVG-1438 Medium No Information disclosure
In python-pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for...

Advisories

Date Advisory Group Severity Type
14 Jul 2021 ASA-202107-26 AVG-2150 Medium arbitrary code execution
12 Jan 2021 ASA-202101-11 AVG-1438 Medium multiple issues