Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 43 results


CVE-2021-252891

Medium priority
Needs evaluation

In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release
Show less packages

CVE-2021-252890

Medium priority
Needs evaluation

In TiffDecode.c, there is a negative-offset memcpy with an invalid size

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release
Show less packages

CVE-2021-25289

Medium priority

Some fixes available 2 of 4

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because...

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Not affected Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35655

Medium priority

Some fixes available 3 of 5

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Fixed Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35654

Medium priority

Some fixes available 2 of 4

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Not affected Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35653

Medium priority

Some fixes available 5 of 7

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Fixed Fixed
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-11538

Low priority

Some fixes available 2 of 5

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Fixed Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-10994

Low priority

Some fixes available 2 of 5

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Fixed Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-10379

Medium priority

Some fixes available 1 of 4

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Not affected Not affected
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-10378

Low priority

Some fixes available 3 of 6

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

3 affected packages

pillow, pillow-python2, python-imaging

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Fixed Fixed Fixed
pillow-python2 Not in release Not in release Needs evaluation Not in release Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages