Showing 1 - 3 of 3

CVE-2020-35654

Status Candidate

Overview

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

Related Files

Red Hat Security Advisory 2021-3917-01: Posted Oct 19, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3917-01 - Quay 3.6.0 release. Issues addressed include buffer over-read, buffer overflow, denial of service, out of bounds read, and spoofing vulnerabilities.; tags | advisory, denial of service, overflow, spoof, vulnerability; systems | linux, redhat; advisories | CVE-2017-16137, CVE-2017-16138, CVE-2018-1107, CVE-2018-1109, CVE-2018-16492, CVE-2018-21270, CVE-2018-3721, CVE-2018-3728, CVE-2018-3774, CVE-2019-1010266, CVE-2019-20920, CVE-2019-20922, CVE-2020-15366, CVE-2020-25648, CVE-2020-26237, CVE-2020-26291, CVE-2020-35653, CVE-2020-35654, CVE-2020-7608, CVE-2020-8203, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-23364, CVE-2021-23368, CVE-2021-23382, CVE-2021-25289; SHA-256 | cd92891e50d6ccba7c7561d838bb19ca1093549c2001d772fd5a4bb9e4fc7fa0; Download | Favorite | View

Ubuntu Security Notice USN-4697-1: Posted Jan 19, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4697-1 - It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2020-35653, CVE-2020-35654, CVE-2020-35655; SHA-256 | 12c56bd8e85ab55d69d2ab44d12f00c4359a66be0a9c2044566f2b4df841be7e; Download | Favorite | View

Gentoo Linux Security Advisory 202101-08: Posted Jan 11, 2021; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202101-8 - Multiple vulnerabilities have been found in Pillow, the worst of which could result in a Denial of Service condition. Versions less than 8.1.0 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2020-35653, CVE-2020-35654, CVE-2020-35655; SHA-256 | 830841db0698fc5cc2182a34aef9b177d93fca81672bc12d888a197dc0d161c2; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 157 files
Jay Turla 150 files
Ubuntu 68 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

CVE-2020-35654

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems