VYPR

rpm package

suse/python-Pillow&distro=SUSE Enterprise Storage 4

pkg:rpm/suse/python-Pillow&distro=SUSE%20Enterprise%20Storage%204

Vulnerabilities (5)

  • CVE-2016-3076MedApr 24, 2017
    affected < 2.8.1-4.3.2fixed 2.8.1-4.3.2

    Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

  • CVE-2016-9190HigNov 4, 2016
    affected < 2.8.1-4.3.2fixed 2.8.1-4.3.2

    Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.

  • CVE-2016-9189MedNov 4, 2016
    affected < 2.8.1-4.6.1fixed 2.8.1-4.6.1

    Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.

  • CVE-2016-4009CriApr 13, 2016
    affected < 2.8.1-4.9.1fixed 2.8.1-4.9.1

    Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

  • CVE-2016-2533MedApr 13, 2016
    affected < 2.8.1-4.9.1fixed 2.8.1-4.9.1

    Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.