Search CVE reports
31 – 40 of 43 results
CVE-2020-10177
Low prioritySome fixes available 4 of 7
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | Not affected | Not affected | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2016-3076
Low priorityHeap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
2 affected packages
pillow, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | — | — | Not affected |
| python-imaging | — | — | — | — | Not in release |
CVE-2016-9190
Medium priorityPillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
2 affected packages
pillow, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | — | — | Fixed |
| python-imaging | — | — | — | — | Not in release |
CVE-2016-9189
Medium priorityPillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
2 affected packages
pillow, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | — | — | Fixed |
| python-imaging | — | — | — | — | Not in release |
CVE-2016-2533
Medium prioritySome fixes available 2 of 3
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
2 affected packages
pillow, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | — | — | Not affected |
| python-imaging | — | — | — | — | Not in release |
CVE-2016-0775
Medium prioritySome fixes available 2 of 3
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
2 affected packages
pillow, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | — | — | Not affected |
| python-imaging | — | — | — | — | Not in release |
CVE-2016-0740
Medium prioritySome fixes available 1 of 3
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
2 affected packages
pillow, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | — | — | Not affected |
| python-imaging | — | — | — | — | Not in release |
CVE-2014-3598
Medium priorityThe Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
2 affected packages
pillow, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | — | — | — |
| python-imaging | — | — | — | — | — |
CVE-2014-9601
Low prioritySome fixes available 2 of 3
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
2 affected packages
pillow, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | — | — | Not affected |
| python-imaging | — | — | — | — | Not in release |
CVE-2014-3589
Low prioritySome fixes available 2 of 4
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
2 affected packages
pillow, python-imaging
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | — | — | Not affected |
| python-imaging | — | — | — | — | Not in release |