VulnerableCode Package Details - pkg:deb/ubuntu/pillow@7.0.0-4ubuntu0.4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-emwt-ezmx-aaap	An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.	BIT-2021-28677 BIT-pillow-2021-28677 CVE-2021-28677 GHSA-q5hq-fp76-qmrc PYSEC-2021-93
VCID-exhd-udnk-aaah	An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.	BIT-2021-28675 BIT-pillow-2021-28675 CVE-2021-28675 GHSA-g6rj-rv7j-xwp4 PYSEC-2021-139
VCID-mwb8-9e71-aaaj	An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.	BIT-2021-25287 BIT-pillow-2021-25287 CVE-2021-25287 GHSA-77gc-v2xv-rvvh PYSEC-2021-137
VCID-nf4x-jfmp-aaak	An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.	BIT-2021-25288 BIT-pillow-2021-25288 CVE-2021-25288 GHSA-rwv7-3v45-hg29 PYSEC-2021-138
VCID-qav5-qfe9-aaan	An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.	BIT-2021-28678 BIT-pillow-2021-28678 CVE-2021-28678 GHSA-hjfx-8p6c-g7gx PYSEC-2021-94
VCID-zvvz-7rud-aaae	An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.	BIT-2021-28676 BIT-pillow-2021-28676 CVE-2021-28676 GHSA-7r7m-5h27-29hp PYSEC-2021-92

Vulnerability

Summary

Aliases

VCID-emwt-ezmx-aaap

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.

BIT-2021-28677
BIT-pillow-2021-28677
CVE-2021-28677
GHSA-q5hq-fp76-qmrc
PYSEC-2021-93

VCID-exhd-udnk-aaah

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.

BIT-2021-28675
BIT-pillow-2021-28675
CVE-2021-28675
GHSA-g6rj-rv7j-xwp4
PYSEC-2021-139

VCID-mwb8-9e71-aaaj

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

BIT-2021-25287
BIT-pillow-2021-25287
CVE-2021-25287
GHSA-77gc-v2xv-rvvh
PYSEC-2021-137

VCID-nf4x-jfmp-aaak

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.

BIT-2021-25288
BIT-pillow-2021-25288
CVE-2021-25288
GHSA-rwv7-3v45-hg29
PYSEC-2021-138

VCID-qav5-qfe9-aaan

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

BIT-2021-28678
BIT-pillow-2021-28678
CVE-2021-28678
GHSA-hjfx-8p6c-g7gx
PYSEC-2021-94

VCID-zvvz-7rud-aaae

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.

BIT-2021-28676
BIT-pillow-2021-28676
CVE-2021-28676
GHSA-7r7m-5h27-29hp
PYSEC-2021-92