Lucene search
Veracode Vulnerability DatabaseVERACODE:28979HistoryJan 13, 2021 - 5:03 a.m.
Denial Of Service (DoS)
2021-01-1305:03:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
60.7%
pillow is vulnerable to denial of service (DoS). The vulnerability exists through a heap-based buffer overflow during the decoding of a malicious YCbCr file in RGBA mode.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pillow | le | 8.0.1 | |
| py3-pillow:edge | eq | 6.2.2-r1 | |
| py3-pillow:edge | eq | 7.1.2-r0 | |
| py3-pillow:edge | eq | 7.1.1-r0 | |
| py3-pillow:edge | eq | 6.2.2-r0 |
References
github.com/advisories/GHSA-vqcj-wrf2-7v73
lists.fedoraproject.org/archives/list/[email protected]/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
lists.fedoraproject.org/archives/list/[email protected]/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
lists.fedoraproject.org/archives/list/[email protected]/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
lists.fedoraproject.org/archives/list/[email protected]/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
pillow.readthedocs.io/en/stable/releasenotes/index.html
Related
osv
osv
PYSEC-2021-70
2021-01-12 09:15:00
BIT-pillow-2020-35654
2024-03-06 11:06:24
Pillow Out-of-bounds Write
2021-03-18 19:55:27
nvd
nvd
CVE-2020-35654
2021-01-12 09:15:13
CVE-2021-25289
2021-03-19 04:15:13
prion
prion
Heap overflow
2021-01-12 09:15:00
Heap overflow
2021-03-19 04:15:00
ubuntucve
ubuntucve
CVE-2020-35654
2021-01-12 00:00:00
CVE-2021-25289
2021-03-03 00:00:00
cvelist
cvelist
CVE-2020-35654
2021-01-12 08:06:55
CVE-2021-25289
2021-03-19 03:29:48
alpinelinux
alpinelinux
CVE-2020-35654
2021-01-12 09:15:13
CVE-2021-25289
2021-03-19 04:15:13
github
github
Pillow Out-of-bounds Write
2021-03-18 19:55:27
Out of bounds write in Pillow
2021-03-29 16:35:16
redhatcve
redhatcve
CVE-2020-35654
2021-01-12 16:20:23
CVE-2021-25289
2021-03-03 17:04:09
cve
cve
CVE-2020-35654
2021-01-12 09:15:13
CVE-2021-25289
2021-03-19 04:15:13
debiancve
debiancve
CVE-2020-35654
2021-01-12 09:15:13
CVE-2021-25289
2021-03-19 04:15:13
veracode
veracode
Denial Of Service (DoS)
2021-03-22 04:44:22
f5
f5
K14102355 : Python Pillow vulnerability CVE-2021-25289
2021-06-03 00:00:00
openvas
openvas
Fedora: Security Advisory for mingw-python-pillow (FEDORA-2021-a8ddc1ce70)
2021-01-21 00:00:00
Fedora: Security Advisory for python-pillow (FEDORA-2021-880aa7bd27)
2021-01-25 00:00:00
Fedora: Security Advisory for python-pillow (FEDORA-2021-a8ddc1ce70)
2021-01-21 00:00:00
nessus
nessus
Fedora 32 : python-pillow (2021-880aa7bd27)
2021-01-25 00:00:00
Fedora 33 : mingw-python-pillow / python-pillow (2021-a8ddc1ce70)
2021-01-21 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: python-pillow-7.0.0-5.fc32
2021-01-24 01:23:46
[SECURITY] Fedora 33 Update: mingw-python-pillow-7.2.0-3.fc33
2021-01-21 01:47:28
[SECURITY] Fedora 33 Update: python-pillow-7.2.0-3.fc33
2021-01-21 01:47:29
gentoo
gentoo
Pillow: Multiple vulnerabilities
2021-01-11 00:00:00
ubuntu
ubuntu
Pillow vulnerabilities
2021-01-18 00:00:00
archlinux
archlinux
[ASA-202101-11] python-pillow: multiple issues
2021-01-12 00:00:00
suse
suse
Security update for python-CairoSVG, python-Pillow (moderate)
2021-08-10 00:00:00
redhat
redhat
rosalinux
rosalinux
Advisory ROSA-SA-2021-1957
2021-07-02 18:03:40