rpm package
suse/python-Pillow&distro=SUSE Enterprise Storage 1.0
pkg:rpm/suse/python-Pillow&distro=SUSE%20Enterprise%20Storage%201.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-0775 | Med | 6.5 | | < 2.7.0-7.1 | 2.7.0-7.1 | Apr 13, 2016 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. |
| CVE-2016-0740 | Med | 6.5 | | < 2.7.0-7.1 | 2.7.0-7.1 | Apr 13, 2016 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. |
| CVE-2015-3010 | — | | | < 2.7.0-4.1 | 2.7.0-4.1 | Jun 16, 2015 | ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. |
| CVE-2014-3598 | — | | | < 2.7.0-4.1 | 2.7.0-4.1 | May 1, 2015 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. |
| CVE-2014-3589 | — | | | < 2.7.0-4.1 | 2.7.0-4.1 | Aug 25, 2014 | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. |