Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 38 results


CVE-2021-27921

Medium priority

Some fixes available 3 of 5

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Fixed Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-25293

Medium priority

Some fixes available 3 of 5

An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Fixed Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-25292

Medium priority

Some fixes available 3 of 5

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Fixed Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-25291

Medium priority

Some fixes available 2 of 4

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Not affected Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-25290

Medium priority

Some fixes available 4 of 7

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Fixed Fixed
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-252893

Medium priority
Needs evaluation

There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release
Show less packages

CVE-2021-252892

Medium priority
Needs evaluation

The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release
Show less packages

CVE-2021-252891

Medium priority
Needs evaluation

In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release
Show less packages

CVE-2021-252890

Medium priority
Needs evaluation

In TiffDecode.c, there is a negative-offset memcpy with an invalid size

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release
Show less packages

CVE-2021-25289

Medium priority

Some fixes available 2 of 4

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because...

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Not affected Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages