rpm package
suse/python-Pillow&distro=SUSE Enterprise Storage 4
pkg:rpm/suse/python-Pillow&distro=SUSE%20Enterprise%20Storage%204
Vulnerabilities (5)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3076 | Medium | 5.5 | | < 2.8.1-4.3.2 | 2.8.1-4.3.2 | Apr 24, 2017 | Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. |
| CVE-2016-9190 | High | 7.8 | | < 2.8.1-4.3.2 | 2.8.1-4.3.2 | Nov 4, 2016 | Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. |
| CVE-2016-9189 | Medium | 5.5 | | < 2.8.1-4.6.1 | 2.8.1-4.6.1 | Nov 4, 2016 | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. |
| CVE-2016-4009 | Critical | 9.8 | | < 2.8.1-4.9.1 | 2.8.1-4.9.1 | Apr 13, 2016 | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. |
| CVE-2016-2533 | Medium | 6.5 | | < 2.8.1-4.9.1 | 2.8.1-4.9.1 | Apr 13, 2016 | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. |