rpm package
opensuse/python-CairoSVG&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/python-CairoSVG&distro=openSUSE%20Leap%2015.2
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-34552 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Jul 13, 2021 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | ||
| CVE-2021-25293 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | ||
| CVE-2021-25292 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | ||
| CVE-2021-25291 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. | ||
| CVE-2021-25290 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | ||
| CVE-2021-25289 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | ||
| CVE-2021-27921 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | ||
| CVE-2021-27922 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | ||
| CVE-2021-27923 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | ||
| CVE-2020-35655 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Jan 12, 2021 | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | ||
| CVE-2020-35654 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Jan 12, 2021 | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | ||
| CVE-2020-35653 | — | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Jan 12, 2021 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | ||
| CVE-2020-15999 | — | KEV | < 2.5.1-lp152.2.3.1 | 2.5.1-lp152.2.3.1 | Nov 3, 2020 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
- CVE-2021-34552Jul 13, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
- CVE-2021-25293Mar 19, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
- CVE-2021-25292Mar 19, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
- CVE-2021-25291Mar 19, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
- CVE-2021-25290Mar 19, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
- CVE-2021-25289Mar 19, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
- CVE-2021-27921Mar 3, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
- CVE-2021-27922Mar 3, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
- CVE-2021-27923Mar 3, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
- CVE-2020-35655Jan 12, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
- CVE-2020-35654Jan 12, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
- CVE-2020-35653Jan 12, 2021affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
- affected < 2.5.1-lp152.2.3.1fixed 2.5.1-lp152.2.3.1
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.