Search for packages
| purl | pkg:deb/debian/pillow@8.1.1-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-en6t-uxtq-bfek | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. |
BIT-pillow-2021-25289
CVE-2021-25289 GHSA-57h3-9rgr-c24m PYSEC-2021-35 |
| VCID-p6r3-puh1-zyg6 | An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. |
BIT-pillow-2021-25293
CVE-2021-25293 GHSA-p43w-g3c5-g5mq PYSEC-2021-39 |
| VCID-rncf-9nf8-wud3 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. |
BIT-pillow-2021-25290
CVE-2021-25290 GHSA-8xjq-8fcg-g5hw PYSEC-2021-36 |
| VCID-vwbu-ruxm-tbh4 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. |
BIT-pillow-2021-25291
CVE-2021-25291 GHSA-mvg9-xffr-p774 PYSEC-2021-37 |
| VCID-vxh1-8rvt-kkak | An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. |
BIT-pillow-2021-25292
CVE-2021-25292 GHSA-9hx2-hgq2-2g4f PYSEC-2021-38 |