VYPR

rpm package

opensuse/python-Pillow&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Tumbleweed

Vulnerabilities (26)

  • CVE-2020-15999KEVNov 3, 2020
    affected < 8.3.2-1.2fixed 8.3.2-1.2

    Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2016-3076MedApr 24, 2017
    affected < 3.4.2-1.1fixed 3.4.2-1.1

    Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

  • CVE-2016-0775MedApr 13, 2016
    affected < 3.4.2-1.1fixed 3.4.2-1.1

    Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

  • CVE-2016-0740MedApr 13, 2016
    affected < 3.4.2-1.1fixed 3.4.2-1.1

    Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

  • CVE-2014-3598May 1, 2015
    affected < 3.4.2-1.1fixed 3.4.2-1.1

    The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

  • CVE-2014-3589Aug 25, 2014
    affected < 3.4.2-1.1fixed 3.4.2-1.1

    PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

Page 2 of 2