Download
| Alert*
oval:org.secpod.oval:def:602393
Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of service or the execution of arbitrary code if a malformed FLI, PCD or Tiff files is processed. oval:org.secpod.oval:def:602407 python-pil is installed oval:org.secpod.oval:def:605096 python-pil is installed oval:org.secpod.oval:def:2001573 Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service via a crafted Jpeg2000 file. oval:org.secpod.oval:def:2004720 An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. oval:org.secpod.oval:def:69956 Multiple security issues were discovered in python-pil, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed. oval:org.secpod.oval:def:2003876 In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. oval:org.secpod.oval:def:2003875 Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. oval:org.secpod.oval:def:2003878 In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state- oval:org.secpod.oval:def:72111 pillow: Python Imaging Library Pillow could be made to crash or hang if it opened a specially crafted file. oval:org.secpod.oval:def:70153 pillow: Python Imaging Library Pillow could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703290 pillow: Python Imaging Library compatibility layer Details: USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain png images. This update temporarily reverts the security fix for CVE-2014-9601 pending further ... oval:org.secpod.oval:def:703513 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:52809 pillow: Python Imaging Library compatibility layer Pillow could be made to crash if it received specially crafted input or opened a specially crafted file. oval:org.secpod.oval:def:703284 pillow: Python Imaging Library compatibility layer Pillow could be made to crash if it received specially crafted input or opened a specially crafted file. oval:org.secpod.oval:def:39468 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:706017 pillow: Python Imaging Library Pillow could be made to crash or hang if it opened a specially crafted file. oval:org.secpod.oval:def:602663 Cris Neckar discovered multiple vulnerabilities in Pillow, a Python imaging library, which may result in the execution of arbitrary code or information disclosure if a malformed image file is processed. oval:org.secpod.oval:def:70344 pillow: Python Imaging Library Pillow could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:52186 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:51743 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:52810 pillow: Python Imaging Library compatibility layer Details: USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain png images. This update temporarily reverts the security fix for CVE-2014-9601 pending further ... oval:org.secpod.oval:def:707778 pillow: Python Imaging Library Details: USN-5227-1 fixed vulnerabilities in Pillow. It was discovered that the fix for CVE-2022-22817 was incomplete. This update fixes the problem. Original advisory An incomplete fix was discovered in Pillow. oval:org.secpod.oval:def:78182 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:605788 Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed images are processed. oval:org.secpod.oval:def:706278 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:78153 Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed images are processed. oval:org.secpod.oval:def:88504 pillow: Python Imaging Library Details: USN-5227-1 fixed vulnerabilities in Pillow. It was discovered that the fix for CVE-2022-22817 was incomplete. This update fixes the problem. Original advisory An incomplete fix was discovered in Pillow. oval:org.secpod.oval:def:708892 pillow-python2: Python Imaging Library Details: USN-6744-1 fixed a vulnerability in Pillow . This update provides the corresponding updates for Pillow in Ubuntu 20.04 LTS. Original advisory Pillow could be made to crash or run programs as an administrator if it opened a specially crafted file. |