Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:4149
HistoryNov 09, 2021 - 8:24 a.m.

(RHSA-2021:4149) Moderate: python-pillow security update

2021-11-0908:24:34
access.redhat.com
21

0.005 Low

EPSS

Percentile

75.9%

JSON

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

  • python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287)

  • python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25288)

  • python-pillow: Negative-offset memcpy in TIFF image reader (CVE-2021-25290)

  • python-pillow: Regular expression DoS in PDF format parser (CVE-2021-25292)

  • python-pillow: Out-of-bounds read in SGI RLE image reader (CVE-2021-25293)

  • python-pillow: Excessive memory allocation in BLP image reader (CVE-2021-27921)

  • python-pillow: Excessive memory allocation in ICNS image reader (CVE-2021-27922)

  • python-pillow: Excessive memory allocation in ICO image reader (CVE-2021-27923)

  • python-pillow: Excessive memory allocation in PSD image reader (CVE-2021-28675)

  • python-pillow: Infinite loop in FLI image reader (CVE-2021-28676)

  • python-pillow: Excessive CPU use in EPS image reader (CVE-2021-28677)

  • python-pillow: Excessive looping in BLP image reader (CVE-2021-28678)

  • python-pillow: Buffer overflow in image convert function (CVE-2021-34552)

  • python-pillow: Buffer over-read in PCX image reader (CVE-2020-35653)

  • python-pillow: Buffer over-read in SGI RLE image reader (CVE-2020-35655)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64python-pillow-debuginfo< 5.1.1-16.el8python-pillow-debuginfo-5.1.1-16.el8.x86_64.rpm
RedHat8aarch64python3-pillow-tk-debuginfo< 5.1.1-16.el8python3-pillow-tk-debuginfo-5.1.1-16.el8.aarch64.rpm
RedHat8s390xpython3-pillow-tk-debuginfo< 5.1.1-16.el8python3-pillow-tk-debuginfo-5.1.1-16.el8.s390x.rpm
RedHat8ppc64lepython3-pillow< 5.1.1-16.el8python3-pillow-5.1.1-16.el8.ppc64le.rpm
RedHat8ppc64lepython3-pillow-debuginfo< 5.1.1-16.el8python3-pillow-debuginfo-5.1.1-16.el8.ppc64le.rpm
RedHat8s390xpython3-pillow-debuginfo< 5.1.1-16.el8python3-pillow-debuginfo-5.1.1-16.el8.s390x.rpm
RedHat8s390xpython-pillow-debugsource< 5.1.1-16.el8python-pillow-debugsource-5.1.1-16.el8.s390x.rpm
RedHat8s390xpython3-pillow< 5.1.1-16.el8python3-pillow-5.1.1-16.el8.s390x.rpm
RedHat8aarch64python3-pillow< 5.1.1-16.el8python3-pillow-5.1.1-16.el8.aarch64.rpm
RedHat8aarch64python-pillow-debuginfo< 5.1.1-16.el8python-pillow-debuginfo-5.1.1-16.el8.aarch64.rpm
Rows per page:
1-10 of 201

Related

rocky 1
almalinux 1
nessus 47
osv 28
openvas 45
mageia 1
gentoo 2
fedora 14
ubuntu 3
debian 1
freebsd 1
suse 1
amazon 1
ubuntucve 5
archlinux 1
cve 7
alpinelinux 4
nvd 4
github 5
cvelist 3
veracode 5
redhatcve 5
prion 6
cnvd 3
debiancve 3
f5 2
rocky
rocky
python-pillow security update
2021-11-09 08:24:34
almalinux
almalinux
Moderate: python-pillow security update
2021-11-09 08:24:34
nessus
nessus
Rocky Linux 8 : python-pillow (RLSA-2021:4149)
2022-02-09 00:00:00
RHEL 8 : python-pillow (RHSA-2021:4149)
2021-11-11 00:00:00
AlmaLinux 8 : python-pillow (ALSA-2021:4149)
2022-02-09 00:00:00
osv
osv
Moderate: python-pillow security update
2021-11-09 08:24:34
Moderate: python-pillow security update
2021-11-09 08:24:34
pillow vulnerabilities
2021-05-19 13:54:25
openvas
openvas
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2253)
2021-08-09 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2187)
2021-07-13 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2314)
2021-08-09 00:00:00
mageia
mageia
Updated python-pillow packages fix security vulnerabilities
2021-08-06 12:33:48
gentoo
gentoo
Pillow: Multiple vulnerabilities
2021-07-14 00:00:00
Pillow: Multiple vulnerabilities
2021-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: python-pillow-8.1.2-3.fc34
2021-05-30 17:30:05
[SECURITY] Fedora 33 Update: python-pillow-7.2.0-6.fc33
2021-06-03 01:01:42
[SECURITY] Fedora 34 Update: mingw-python-pillow-8.1.2-2.fc34
2021-05-30 17:30:05
ubuntu
ubuntu
Pillow vulnerabilities
2021-05-19 00:00:00
Pillow vulnerabilities
2021-03-11 00:00:00
Pillow vulnerabilities
2021-01-18 00:00:00
debian
debian
[SECURITY] [DLA 2716-1] pillow security update
2021-07-22 11:17:53
freebsd
freebsd
Pillow -- multiple vulnerabilities
2021-04-01 00:00:00
suse
suse
Security update for python-CairoSVG, python-Pillow (moderate)
2021-08-10 00:00:00
amazon
amazon
Important: python-pillow
2023-06-05 16:39:00
ubuntucve
ubuntucve
CVE-2021-25288
2021-05-10 00:00:00
CVE-2021-25293
2021-03-03 00:00:00
CVE-2020-35655
2021-01-12 00:00:00
archlinux
archlinux
[ASA-202101-11] python-pillow: multiple issues
2021-01-12 00:00:00
cve
cve
CVE-2021-25293
2021-03-19 04:15:13
CVE-2021-28678
2021-06-02 16:15:08
CVE-2021-25290
2021-03-19 04:15:13
alpinelinux
alpinelinux
CVE-2021-25287
2021-06-02 16:15:08
CVE-2021-25290
2021-03-19 04:15:13
CVE-2021-25288
2021-06-02 16:15:08
nvd
nvd
CVE-2021-25288
2021-06-02 16:15:08
CVE-2021-25287
2021-06-02 16:15:08
CVE-2021-27922
2021-03-03 09:15:14
github
github
Out-of-bounds Read
2021-06-08 18:49:28
Pillow Out-of-bounds Read
2021-03-18 19:55:34
Uncontrolled Resource Consumption in pillow
2021-04-23 16:54:36
cvelist
cvelist
CVE-2021-28678
2021-06-02 15:16:23
CVE-2021-25287
2021-06-02 15:13:14
CVE-2021-27923
2021-03-03 08:41:40
veracode
veracode
Denial Of Service (DoS)
2021-05-10 04:00:54
Regular Expression Denial-of-Service (ReDoS)
2021-03-04 02:17:19
Denial Of Service (DoS)
2021-03-04 02:59:28
redhatcve
redhatcve
CVE-2021-25292
2021-03-03 17:39:55
CVE-2021-25287
2021-05-11 20:55:17
CVE-2021-27923
2021-03-04 20:09:56
prion
prion
Design/Logic Flaw
2021-06-02 15:15:00
Out-of-bounds
2021-06-02 16:15:00
Out-of-bounds
2021-06-02 16:15:00
cnvd
cnvd
Pillow Buffer Overflow Vulnerability (CNVD-2021-54033)
2021-03-22 00:00:00
Pillow Denial of Service Vulnerability (CNVD-2021-54029)
2021-06-04 00:00:00
Pillow out-of-bounds read vulnerability (CNVD-2021-54037)
2021-03-08 00:00:00
debiancve
debiancve
CVE-2021-25287
2021-06-02 16:15:08
CVE-2021-25293
2021-03-19 04:15:13
CVE-2021-25288
2021-06-02 16:15:08
f5
f5
K71249196 : Python-Pillow vulnerability CVE-2021-25288
2021-07-14 00:00:00
K45452200 : Python-Pillow vulnerability CVE-2021-25287
2021-07-14 00:00:00

0.005 Low

EPSS

Percentile

75.9%

JSON
Related for RHSA-2021:4149
rocky1almalinux1nessus47osv28openvas45mageia1gentoo2fedora14ubuntu3debian1freebsd1suse1amazon1ubuntucve5archlinux1cve7alpinelinux4nvd4github5cvelist3veracode5redhatcve5prion6cnvd3debiancve3f52