rpm package
opensuse/python-Pillow&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Tumbleweed
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15999 | — | KEV | < 8.3.2-1.2 | 8.3.2-1.2 | Nov 3, 2020 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2016-3076 | Med | 5.5 | < 3.4.2-1.1 | 3.4.2-1.1 | Apr 24, 2017 | Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | |
| CVE-2016-0775 | Med | 6.5 | < 3.4.2-1.1 | 3.4.2-1.1 | Apr 13, 2016 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | |
| CVE-2016-0740 | Med | 6.5 | < 3.4.2-1.1 | 3.4.2-1.1 | Apr 13, 2016 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | |
| CVE-2014-3598 | — | < 3.4.2-1.1 | 3.4.2-1.1 | May 1, 2015 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. | ||
| CVE-2014-3589 | — | < 3.4.2-1.1 | 3.4.2-1.1 | Aug 25, 2014 | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. |
- affected < 8.3.2-1.2fixed 8.3.2-1.2
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 3.4.2-1.1fixed 3.4.2-1.1
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
- affected < 3.4.2-1.1fixed 3.4.2-1.1
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
- affected < 3.4.2-1.1fixed 3.4.2-1.1
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
- CVE-2014-3598May 1, 2015affected < 3.4.2-1.1fixed 3.4.2-1.1
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
- CVE-2014-3589Aug 25, 2014affected < 3.4.2-1.1fixed 3.4.2-1.1
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
Page 2 of 2