Showing 1 - 3 of 3

CVE-2020-35654

Status Candidate

Overview

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

Related Files

Red Hat Security Advisory 2021-3917-01: Posted Oct 19, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3917-01 - Quay 3.6.0 release. Issues addressed include buffer over-read, buffer overflow, denial of service, out of bounds read, and spoofing vulnerabilities.; tags | advisory, denial of service, overflow, spoof, vulnerability; systems | linux, redhat; advisories | CVE-2017-16137, CVE-2017-16138, CVE-2018-1107, CVE-2018-1109, CVE-2018-16492, CVE-2018-21270, CVE-2018-3721, CVE-2018-3728, CVE-2018-3774, CVE-2019-1010266, CVE-2019-20920, CVE-2019-20922, CVE-2020-15366, CVE-2020-25648, CVE-2020-26237, CVE-2020-26291, CVE-2020-35653, CVE-2020-35654, CVE-2020-7608, CVE-2020-8203, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-23364, CVE-2021-23368, CVE-2021-23382, CVE-2021-25289; MD5 | 3ff5862607840258ebc66493e88f525a; Download | Favorite | View

Ubuntu Security Notice USN-4697-1: Posted Jan 19, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4697-1 - It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2020-35653, CVE-2020-35654, CVE-2020-35655; MD5 | 33d0f53f2fe15d0bbe0fe6f3b813716f; Download | Favorite | View

Gentoo Linux Security Advisory 202101-08: Posted Jan 11, 2021; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202101-8 - Multiple vulnerabilities have been found in Pillow, the worst of which could result in a Denial of Service condition. Versions less than 8.1.0 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2020-35653, CVE-2020-35654, CVE-2020-35655; MD5 | 10a03ba321505f8f440a2d98f3727dc4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 66 files
Ubuntu 29 files
malvuln 26 files
Google Security Research 8 files
LiquidWorm 5 files
Vulnerability Laboratory 5 files
Yehia Elghaly 5 files
nu11secur1ty 5 files
twseptian 4 files
faisalfs10x 3 files

File Archives

Systems

AIX (423)
Apple (1,853)
BSD (368)
CentOS (54)
Cisco (1,909)
Debian (5,946)
Fedora (1,690)
FreeBSD (1,241)
Gentoo (4,148)
HPUX (875)
iOS (309)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (41,279)
Mac OS X (682)
Mandriva (3,105)
NetBSD (255)
OpenBSD (476)
RedHat (10,915)
Slackware (941)
Solaris (1,601)
SUSE (1,444)
Ubuntu (7,571)
UNIX (9,007)
UnixWare (182)
Windows (6,249)
Other

CVE-2020-35654

Overview

Related Files

File Archive:

January 2022

Top Authors In Last 30 Days

File Tags

File Archives

Systems