rpm package
suse/python-Pillow&distro=SUSE OpenStack Cloud 6
pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%206
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3076 | Med | 5.5 | | < 2.7.0-4.3.1 | 2.7.0-4.3.1 | Apr 24, 2017 | Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. |
| CVE-2016-9190 | Hig | 7.8 | | < 2.7.0-4.3.1 | 2.7.0-4.3.1 | Nov 4, 2016 | Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. |
| CVE-2016-0775 | Med | 6.5 | | < 2.7.0-3.1 | 2.7.0-3.1 | Apr 13, 2016 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. |
| CVE-2016-0740 | Med | 6.5 | | < 2.7.0-3.1 | 2.7.0-3.1 | Apr 13, 2016 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. |