Search CVE reports
21 – 30 of 57 results
CVE-2021-27921
Medium prioritySome fixes available 3 of 5
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Fixed | Not affected |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2021-25293
Medium prioritySome fixes available 3 of 5
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Fixed | Not affected |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2021-25292
Medium prioritySome fixes available 3 of 5
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Fixed | Not affected |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2021-25291
Medium prioritySome fixes available 2 of 4
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Not affected | Not affected |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2021-25290
Medium prioritySome fixes available 4 of 7
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2021-252893
Medium priorityThere is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | — | — | Needs evaluation | Not in release | Not in release |
| python-imaging | — | — | Not in release | Not in release | Not in release |
CVE-2021-252892
Medium priorityThe PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | — | — | Needs evaluation | Not in release | Not in release |
| python-imaging | — | — | Not in release | Not in release | Not in release |
CVE-2021-252891
Medium priorityIn TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | — | — | Needs evaluation | Not in release | Not in release |
| python-imaging | — | — | Not in release | Not in release | Not in release |
CVE-2021-252890
Medium priorityIn TiffDecode.c, there is a negative-offset memcpy with an invalid size
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | — | — | Needs evaluation | Not in release | Not in release |
| python-imaging | — | — | Not in release | Not in release | Not in release |
CVE-2021-25289
Medium prioritySome fixes available 2 of 4
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because...
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Not affected | Not affected |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |