VulnerableCode Package Details - pkg:alpm/archlinux/python-pillow@8.1.2-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1baj-rk3p-aaae	An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.	BIT-2021-25293 BIT-pillow-2021-25293 CVE-2021-25293 GHSA-p43w-g3c5-g5mq PYSEC-2021-39
VCID-86eg-xvug-aaak	Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.	BIT-2021-27921 BIT-pillow-2021-27921 CVE-2021-27921 GHSA-f4w8-cv6p-x6r5 PYSEC-2021-40
VCID-bfw1-1eep-aaar	Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.	BIT-2021-27923 BIT-pillow-2021-27923 CVE-2021-27923 GHSA-95q3-8gr9-gm8w PYSEC-2021-42
VCID-bhre-augw-aaaj	An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.	BIT-2021-25292 BIT-pillow-2021-25292 CVE-2021-25292 GHSA-9hx2-hgq2-2g4f PYSEC-2021-38
VCID-mvs4-g3jg-aaaa	An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.	BIT-2021-25289 BIT-pillow-2021-25289 CVE-2021-25289 GHSA-57h3-9rgr-c24m PYSEC-2021-35
VCID-p4un-9aqj-aaaf	Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.	BIT-2021-27922 BIT-pillow-2021-27922 CVE-2021-27922 GHSA-3wvg-mj6g-m9cv PYSEC-2021-41
VCID-sbr2-5baf-aaaf	An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.	BIT-2021-25291 BIT-pillow-2021-25291 CVE-2021-25291 GHSA-mvg9-xffr-p774 PYSEC-2021-37
VCID-z2ep-c7vk-aaah	An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.	BIT-2021-25290 BIT-pillow-2021-25290 CVE-2021-25290 GHSA-8xjq-8fcg-g5hw PYSEC-2021-36

Vulnerability

Summary

Aliases

VCID-1baj-rk3p-aaae

An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

BIT-2021-25293
BIT-pillow-2021-25293
CVE-2021-25293
GHSA-p43w-g3c5-g5mq
PYSEC-2021-39

VCID-86eg-xvug-aaak

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.

BIT-2021-27921
BIT-pillow-2021-27921
CVE-2021-27921
GHSA-f4w8-cv6p-x6r5
PYSEC-2021-40

VCID-bfw1-1eep-aaar

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.

BIT-2021-27923
BIT-pillow-2021-27923
CVE-2021-27923
GHSA-95q3-8gr9-gm8w
PYSEC-2021-42

VCID-bhre-augw-aaaj

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

BIT-2021-25292
BIT-pillow-2021-25292
CVE-2021-25292
GHSA-9hx2-hgq2-2g4f
PYSEC-2021-38

VCID-mvs4-g3jg-aaaa

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.

BIT-2021-25289
BIT-pillow-2021-25289
CVE-2021-25289
GHSA-57h3-9rgr-c24m
PYSEC-2021-35

VCID-p4un-9aqj-aaaf

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.

BIT-2021-27922
BIT-pillow-2021-27922
CVE-2021-27922
GHSA-3wvg-mj6g-m9cv
PYSEC-2021-41

VCID-sbr2-5baf-aaaf

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

BIT-2021-25291
BIT-pillow-2021-25291
CVE-2021-25291
GHSA-mvg9-xffr-p774
PYSEC-2021-37

VCID-z2ep-c7vk-aaah

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

BIT-2021-25290
BIT-pillow-2021-25290
CVE-2021-25290
GHSA-8xjq-8fcg-g5hw
PYSEC-2021-36

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:39.463652+00:00	Arch Linux Importer	Fixing	VCID-mvs4-g3jg-aaaa	https://security.archlinux.org/AVG-1635	36.0.0
2025-03-28T07:46:39.435757+00:00	Arch Linux Importer	Fixing	VCID-z2ep-c7vk-aaah	https://security.archlinux.org/AVG-1635	36.0.0
2025-03-28T07:46:39.407918+00:00	Arch Linux Importer	Fixing	VCID-sbr2-5baf-aaaf	https://security.archlinux.org/AVG-1635	36.0.0
2025-03-28T07:46:39.380219+00:00	Arch Linux Importer	Fixing	VCID-bhre-augw-aaaj	https://security.archlinux.org/AVG-1635	36.0.0
2025-03-28T07:46:39.351340+00:00	Arch Linux Importer	Fixing	VCID-1baj-rk3p-aaae	https://security.archlinux.org/AVG-1635	36.0.0
2025-03-28T07:46:39.323533+00:00	Arch Linux Importer	Fixing	VCID-86eg-xvug-aaak	https://security.archlinux.org/AVG-1635	36.0.0
2025-03-28T07:46:39.295164+00:00	Arch Linux Importer	Fixing	VCID-p4un-9aqj-aaaf	https://security.archlinux.org/AVG-1635	36.0.0
2025-03-28T07:46:39.276486+00:00	Arch Linux Importer	Fixing	VCID-bfw1-1eep-aaar	https://security.archlinux.org/AVG-1635	36.0.0
2024-09-18T02:01:59.697363+00:00	Arch Linux Importer	Fixing	VCID-mvs4-g3jg-aaaa	https://security.archlinux.org/AVG-1635	34.0.1
2024-09-18T02:01:59.677690+00:00	Arch Linux Importer	Fixing	VCID-z2ep-c7vk-aaah	https://security.archlinux.org/AVG-1635	34.0.1
2024-09-18T02:01:59.658975+00:00	Arch Linux Importer	Fixing	VCID-sbr2-5baf-aaaf	https://security.archlinux.org/AVG-1635	34.0.1
2024-09-18T02:01:59.632503+00:00	Arch Linux Importer	Fixing	VCID-bhre-augw-aaaj	https://security.archlinux.org/AVG-1635	34.0.1
2024-09-18T02:01:59.611100+00:00	Arch Linux Importer	Fixing	VCID-1baj-rk3p-aaae	https://security.archlinux.org/AVG-1635	34.0.1
2024-09-18T02:01:59.578315+00:00	Arch Linux Importer	Fixing	VCID-86eg-xvug-aaak	https://security.archlinux.org/AVG-1635	34.0.1
2024-09-18T02:01:59.547665+00:00	Arch Linux Importer	Fixing	VCID-p4un-9aqj-aaaf	https://security.archlinux.org/AVG-1635	34.0.1
2024-09-18T02:01:59.522082+00:00	Arch Linux Importer	Fixing	VCID-bfw1-1eep-aaar	https://security.archlinux.org/AVG-1635	34.0.1
2024-01-03T22:28:03.194725+00:00	Arch Linux Importer	Fixing	VCID-mvs4-g3jg-aaaa	https://security.archlinux.org/AVG-1635	34.0.0rc1
2024-01-03T22:28:03.175850+00:00	Arch Linux Importer	Fixing	VCID-z2ep-c7vk-aaah	https://security.archlinux.org/AVG-1635	34.0.0rc1
2024-01-03T22:28:03.156784+00:00	Arch Linux Importer	Fixing	VCID-sbr2-5baf-aaaf	https://security.archlinux.org/AVG-1635	34.0.0rc1
2024-01-03T22:28:03.137704+00:00	Arch Linux Importer	Fixing	VCID-bhre-augw-aaaj	https://security.archlinux.org/AVG-1635	34.0.0rc1
2024-01-03T22:28:03.118737+00:00	Arch Linux Importer	Fixing	VCID-1baj-rk3p-aaae	https://security.archlinux.org/AVG-1635	34.0.0rc1
2024-01-03T22:28:03.099846+00:00	Arch Linux Importer	Fixing	VCID-86eg-xvug-aaak	https://security.archlinux.org/AVG-1635	34.0.0rc1
2024-01-03T22:28:03.075946+00:00	Arch Linux Importer	Fixing	VCID-p4un-9aqj-aaaf	https://security.archlinux.org/AVG-1635	34.0.0rc1
2024-01-03T22:28:03.051502+00:00	Arch Linux Importer	Fixing	VCID-bfw1-1eep-aaar	https://security.archlinux.org/AVG-1635	34.0.0rc1

2025-03-28T07:46:39.463652+00:00

Arch Linux Importer

Fixing