Search for packages
| purl | pkg:alpm/archlinux/python-pillow@8.1.0-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1baj-rk3p-aaae
Aliases: BIT-2021-25293 BIT-pillow-2021-25293 CVE-2021-25293 GHSA-p43w-g3c5-g5mq PYSEC-2021-39 |
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. |
Affected by 0 other vulnerabilities. |
|
VCID-86eg-xvug-aaak
Aliases: BIT-2021-27921 BIT-pillow-2021-27921 CVE-2021-27921 GHSA-f4w8-cv6p-x6r5 PYSEC-2021-40 |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. |
Affected by 0 other vulnerabilities. |
|
VCID-bfw1-1eep-aaar
Aliases: BIT-2021-27923 BIT-pillow-2021-27923 CVE-2021-27923 GHSA-95q3-8gr9-gm8w PYSEC-2021-42 |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. |
Affected by 0 other vulnerabilities. |
|
VCID-bhre-augw-aaaj
Aliases: BIT-2021-25292 BIT-pillow-2021-25292 CVE-2021-25292 GHSA-9hx2-hgq2-2g4f PYSEC-2021-38 |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. |
Affected by 0 other vulnerabilities. |
|
VCID-mvs4-g3jg-aaaa
Aliases: BIT-2021-25289 BIT-pillow-2021-25289 CVE-2021-25289 GHSA-57h3-9rgr-c24m PYSEC-2021-35 |
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. |
Affected by 0 other vulnerabilities. |
|
VCID-p4un-9aqj-aaaf
Aliases: BIT-2021-27922 BIT-pillow-2021-27922 CVE-2021-27922 GHSA-3wvg-mj6g-m9cv PYSEC-2021-41 |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. |
Affected by 0 other vulnerabilities. |
|
VCID-sbr2-5baf-aaaf
Aliases: BIT-2021-25291 BIT-pillow-2021-25291 CVE-2021-25291 GHSA-mvg9-xffr-p774 PYSEC-2021-37 |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. |
Affected by 0 other vulnerabilities. |
|
VCID-z2ep-c7vk-aaah
Aliases: BIT-2021-25290 BIT-pillow-2021-25290 CVE-2021-25290 GHSA-8xjq-8fcg-g5hw PYSEC-2021-36 |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6f35-8ga9-aaaa | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
BIT-2020-35654
BIT-pillow-2020-35654 CVE-2020-35654 GHSA-vqcj-wrf2-7v73 PYSEC-2021-70 |
| VCID-74uz-4rc6-aaaj | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. |
BIT-2020-35655
BIT-pillow-2020-35655 CVE-2020-35655 GHSA-hf64-x4gq-p99h PYSEC-2021-71 |
| VCID-ncsj-wt9v-aaah | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. |
BIT-2020-35653
BIT-pillow-2020-35653 CVE-2020-35653 GHSA-f5g8-5qq7-938w PYSEC-2021-69 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T07:46:46.408021+00:00 | Arch Linux Importer | Fixing | VCID-ncsj-wt9v-aaah | https://security.archlinux.org/AVG-1438 | 36.0.0 |
| 2025-03-28T07:46:46.373226+00:00 | Arch Linux Importer | Fixing | VCID-6f35-8ga9-aaaa | https://security.archlinux.org/AVG-1438 | 36.0.0 |
| 2025-03-28T07:46:46.339984+00:00 | Arch Linux Importer | Fixing | VCID-74uz-4rc6-aaaj | https://security.archlinux.org/AVG-1438 | 36.0.0 |
| 2025-03-28T07:46:39.458826+00:00 | Arch Linux Importer | Affected by | VCID-mvs4-g3jg-aaaa | https://security.archlinux.org/AVG-1635 | 36.0.0 |
| 2025-03-28T07:46:39.430921+00:00 | Arch Linux Importer | Affected by | VCID-z2ep-c7vk-aaah | https://security.archlinux.org/AVG-1635 | 36.0.0 |
| 2025-03-28T07:46:39.403015+00:00 | Arch Linux Importer | Affected by | VCID-sbr2-5baf-aaaf | https://security.archlinux.org/AVG-1635 | 36.0.0 |
| 2025-03-28T07:46:39.375095+00:00 | Arch Linux Importer | Affected by | VCID-bhre-augw-aaaj | https://security.archlinux.org/AVG-1635 | 36.0.0 |
| 2025-03-28T07:46:39.346362+00:00 | Arch Linux Importer | Affected by | VCID-1baj-rk3p-aaae | https://security.archlinux.org/AVG-1635 | 36.0.0 |
| 2025-03-28T07:46:39.318449+00:00 | Arch Linux Importer | Affected by | VCID-86eg-xvug-aaak | https://security.archlinux.org/AVG-1635 | 36.0.0 |
| 2025-03-28T07:46:39.290262+00:00 | Arch Linux Importer | Affected by | VCID-p4un-9aqj-aaaf | https://security.archlinux.org/AVG-1635 | 36.0.0 |
| 2025-03-28T07:46:39.271540+00:00 | Arch Linux Importer | Affected by | VCID-bfw1-1eep-aaar | https://security.archlinux.org/AVG-1635 | 36.0.0 |
| 2024-10-17T07:47:45.418808+00:00 | Arch Linux Importer | Fixing | VCID-ncsj-wt9v-aaah | https://security.archlinux.org/AVG-1438 | 34.0.2 |
| 2024-10-17T07:47:45.391002+00:00 | Arch Linux Importer | Fixing | VCID-6f35-8ga9-aaaa | https://security.archlinux.org/AVG-1438 | 34.0.2 |
| 2024-10-17T07:47:45.362100+00:00 | Arch Linux Importer | Fixing | VCID-74uz-4rc6-aaaj | https://security.archlinux.org/AVG-1438 | 34.0.2 |
| 2024-09-18T02:02:07.320861+00:00 | Arch Linux Importer | Fixing | VCID-ncsj-wt9v-aaah | https://security.archlinux.org/AVG-1438 | 34.0.1 |
| 2024-09-18T02:02:07.299132+00:00 | Arch Linux Importer | Fixing | VCID-6f35-8ga9-aaaa | https://security.archlinux.org/AVG-1438 | 34.0.1 |
| 2024-09-18T02:02:07.277130+00:00 | Arch Linux Importer | Fixing | VCID-74uz-4rc6-aaaj | https://security.archlinux.org/AVG-1438 | 34.0.1 |
| 2024-09-18T02:01:59.692789+00:00 | Arch Linux Importer | Affected by | VCID-mvs4-g3jg-aaaa | https://security.archlinux.org/AVG-1635 | 34.0.1 |
| 2024-09-18T02:01:59.673116+00:00 | Arch Linux Importer | Affected by | VCID-z2ep-c7vk-aaah | https://security.archlinux.org/AVG-1635 | 34.0.1 |
| 2024-09-18T02:01:59.654410+00:00 | Arch Linux Importer | Affected by | VCID-sbr2-5baf-aaaf | https://security.archlinux.org/AVG-1635 | 34.0.1 |
| 2024-09-18T02:01:59.627958+00:00 | Arch Linux Importer | Affected by | VCID-bhre-augw-aaaj | https://security.archlinux.org/AVG-1635 | 34.0.1 |
| 2024-09-18T02:01:59.607223+00:00 | Arch Linux Importer | Affected by | VCID-1baj-rk3p-aaae | https://security.archlinux.org/AVG-1635 | 34.0.1 |
| 2024-09-18T02:01:59.573439+00:00 | Arch Linux Importer | Affected by | VCID-86eg-xvug-aaak | https://security.archlinux.org/AVG-1635 | 34.0.1 |
| 2024-09-18T02:01:59.542823+00:00 | Arch Linux Importer | Affected by | VCID-p4un-9aqj-aaaf | https://security.archlinux.org/AVG-1635 | 34.0.1 |
| 2024-09-18T02:01:59.516394+00:00 | Arch Linux Importer | Affected by | VCID-bfw1-1eep-aaar | https://security.archlinux.org/AVG-1635 | 34.0.1 |
| 2024-04-23T19:47:33.930497+00:00 | Arch Linux Importer | Fixing | VCID-ncsj-wt9v-aaah | https://security.archlinux.org/AVG-1438 | 34.0.0rc4 |
| 2024-04-23T19:47:33.908629+00:00 | Arch Linux Importer | Fixing | VCID-6f35-8ga9-aaaa | https://security.archlinux.org/AVG-1438 | 34.0.0rc4 |
| 2024-04-23T19:47:33.886391+00:00 | Arch Linux Importer | Fixing | VCID-74uz-4rc6-aaaj | https://security.archlinux.org/AVG-1438 | 34.0.0rc4 |
| 2024-01-03T22:28:09.790815+00:00 | Arch Linux Importer | Fixing | VCID-ncsj-wt9v-aaah | https://security.archlinux.org/AVG-1438 | 34.0.0rc1 |
| 2024-01-03T22:28:09.766476+00:00 | Arch Linux Importer | Fixing | VCID-6f35-8ga9-aaaa | https://security.archlinux.org/AVG-1438 | 34.0.0rc1 |
| 2024-01-03T22:28:09.740181+00:00 | Arch Linux Importer | Fixing | VCID-74uz-4rc6-aaaj | https://security.archlinux.org/AVG-1438 | 34.0.0rc1 |
| 2024-01-03T22:28:03.190001+00:00 | Arch Linux Importer | Affected by | VCID-mvs4-g3jg-aaaa | https://security.archlinux.org/AVG-1635 | 34.0.0rc1 |
| 2024-01-03T22:28:03.171109+00:00 | Arch Linux Importer | Affected by | VCID-z2ep-c7vk-aaah | https://security.archlinux.org/AVG-1635 | 34.0.0rc1 |
| 2024-01-03T22:28:03.152062+00:00 | Arch Linux Importer | Affected by | VCID-sbr2-5baf-aaaf | https://security.archlinux.org/AVG-1635 | 34.0.0rc1 |
| 2024-01-03T22:28:03.132987+00:00 | Arch Linux Importer | Affected by | VCID-bhre-augw-aaaj | https://security.archlinux.org/AVG-1635 | 34.0.0rc1 |
| 2024-01-03T22:28:03.113997+00:00 | Arch Linux Importer | Affected by | VCID-1baj-rk3p-aaae | https://security.archlinux.org/AVG-1635 | 34.0.0rc1 |
| 2024-01-03T22:28:03.095073+00:00 | Arch Linux Importer | Affected by | VCID-86eg-xvug-aaak | https://security.archlinux.org/AVG-1635 | 34.0.0rc1 |
| 2024-01-03T22:28:03.071193+00:00 | Arch Linux Importer | Affected by | VCID-p4un-9aqj-aaaf | https://security.archlinux.org/AVG-1635 | 34.0.0rc1 |
| 2024-01-03T22:28:03.046869+00:00 | Arch Linux Importer | Affected by | VCID-bfw1-1eep-aaar | https://security.archlinux.org/AVG-1635 | 34.0.0rc1 |