rpm package
suse/python-Pillow&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6
pkg:rpm/suse/python-Pillow&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-45198 | — | < 7.2.0-150300.3.18.1 | 7.2.0-150300.3.18.1 | Nov 14, 2022 | Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). | ||
| CVE-2022-22816 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Jan 7, 2022 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | ||
| CVE-2022-22815 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Jan 7, 2022 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | ||
| CVE-2021-23437 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Sep 3, 2021 | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | ||
| CVE-2021-34552 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Jul 13, 2021 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | ||
| CVE-2021-25293 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | ||
| CVE-2021-25292 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | ||
| CVE-2021-25290 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | ||
| CVE-2021-25289 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | ||
| CVE-2021-27921 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | ||
| CVE-2021-27922 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | ||
| CVE-2021-27923 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | ||
| CVE-2020-35654 | — | < 7.2.0-150300.3.15.1 | 7.2.0-150300.3.15.1 | Jan 12, 2021 | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
- CVE-2022-45198Nov 14, 2022affected < 7.2.0-150300.3.18.1fixed 7.2.0-150300.3.18.1
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
- CVE-2022-22816Jan 7, 2022affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
- CVE-2022-22815Jan 7, 2022affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
- CVE-2021-23437Sep 3, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
- CVE-2021-34552Jul 13, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
- CVE-2021-25293Mar 19, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
- CVE-2021-25292Mar 19, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
- CVE-2021-25290Mar 19, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
- CVE-2021-25289Mar 19, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
- CVE-2021-27921Mar 3, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
- CVE-2021-27922Mar 3, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
- CVE-2021-27923Mar 3, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
- CVE-2020-35654Jan 12, 2021affected < 7.2.0-150300.3.15.1fixed 7.2.0-150300.3.15.1
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.