Search for packages
| purl | pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.2?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3uk9-eds5-rkgc | An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. |
BIT-pillow-2021-28675
CVE-2021-28675 GHSA-g6rj-rv7j-xwp4 PYSEC-2021-139 |
| VCID-aubw-tsmn-ffcq | An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. |
BIT-pillow-2021-28677
CVE-2021-28677 GHSA-q5hq-fp76-qmrc PYSEC-2021-93 |
| VCID-n1w5-f5p7-xuhb | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. |
BIT-pillow-2021-25287
CVE-2021-25287 GHSA-77gc-v2xv-rvvh PYSEC-2021-137 |
| VCID-ue18-zzau-x7hy | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. |
BIT-pillow-2021-25288
CVE-2021-25288 GHSA-rwv7-3v45-hg29 PYSEC-2021-138 |
| VCID-vyzt-df2u-h3cc | An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. |
BIT-pillow-2021-28678
CVE-2021-28678 GHSA-hjfx-8p6c-g7gx PYSEC-2021-94 |
| VCID-xesd-d294-7fcx | An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. |
BIT-pillow-2021-28676
CVE-2021-28676 GHSA-7r7m-5h27-29hp PYSEC-2021-92 |