Search CVE reports
21 – 30 of 59 results
Some fixes available 3 of 5
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release |
Some fixes available 2 of 4
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
3 affected packages
pillow, python-imaging, pillow-python2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Not affected |
| python-imaging | Not in release | Not in release | Not in release | Not in release |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release |
Some fixes available 4 of 7
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
3 affected packages
pillow-python2, python-imaging, pillow
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release |
| pillow | Not affected | Not affected | Fixed | Fixed |
There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pillow | — | — | Needs evaluation | Needs evaluation |
| pillow-python2 | — | — | Needs evaluation | Not in release |
| python-imaging | — | — | Not in release | Not in release |
The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pillow | — | — | Needs evaluation | Needs evaluation |
| pillow-python2 | — | — | Needs evaluation | Not in release |
| python-imaging | — | — | Not in release | Not in release |
In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pillow | — | — | Needs evaluation | Needs evaluation |
| pillow-python2 | — | — | Needs evaluation | Not in release |
| python-imaging | — | — | Not in release | Not in release |
In TiffDecode.c, there is a negative-offset memcpy with an invalid size
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pillow | — | — | Needs evaluation | Needs evaluation |
| pillow-python2 | — | — | Needs evaluation | Not in release |
| python-imaging | — | — | Not in release | Not in release |
Some fixes available 2 of 4
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because...
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Not affected |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release |
Some fixes available 12 of 16
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pillow | Fixed | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release |
Some fixes available 12 of 16
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
3 affected packages
python-imaging, pillow, pillow-python2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-imaging | Not in release | Not in release | Not in release | Not in release |
| pillow | Fixed | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release |