In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Max CVSS
6.7
EPSS Score
0.05%
Published
2024-04-03
Updated
2024-04-10
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
Max CVSS
9.8
EPSS Score
1.41%
Published
2022-10-21
Updated
2023-05-03
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
Max CVSS
9.8
EPSS Score
0.17%
Published
2022-05-25
Updated
2022-06-03
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Max CVSS
9.8
EPSS Score
0.48%
Published
2021-07-13
Updated
2023-01-31
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
Max CVSS
9.8
EPSS Score
0.24%
Published
2021-03-19
Updated
2021-12-01
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
Max CVSS
9.8
EPSS Score
4.04%
Published
2021-01-19
Updated
2023-05-24
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
Max CVSS
8.8
EPSS Score
0.22%
Published
2021-01-12
Updated
2021-03-22
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
Max CVSS
7.8
EPSS Score
0.16%
Published
2020-06-25
Updated
2023-02-27
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
Max CVSS
7.1
EPSS Score
0.19%
Published
2020-01-03
Updated
2023-01-24
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
Max CVSS
9.8
EPSS Score
0.98%
Published
2020-01-03
Updated
2020-08-18
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
Max CVSS
9.8
EPSS Score
0.83%
Published
2020-01-03
Updated
2020-08-18
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
Max CVSS
8.8
EPSS Score
0.28%
Published
2020-01-03
Updated
2023-01-24
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
Max CVSS
7.5
EPSS Score
0.16%
Published
2020-01-05
Updated
2023-02-01
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
Max CVSS
7.2
EPSS Score
0.04%
Published
2018-03-07
Updated
2022-07-05
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.
Max CVSS
3.6
EPSS Score
0.08%
Published
2018-02-08
Updated
2020-08-24
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
Max CVSS
7.5
EPSS Score
0.66%
Published
2018-12-23
Updated
2020-10-29
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
Max CVSS
9.8
EPSS Score
1.43%
Published
2017-11-17
Updated
2023-02-16
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
Max CVSS
5.5
EPSS Score
0.10%
Published
2016-11-04
Updated
2017-07-01
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
Max CVSS
9.8
EPSS Score
0.95%
Published
2018-06-11
Updated
2022-06-27
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
2.77%
Published
2016-09-02
Updated
2019-02-09
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Max CVSS
8.1
EPSS Score
1.37%
Published
2016-06-30
Updated
2023-02-12
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
1.48%
Published
2016-04-13
Updated
2017-07-01
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
Max CVSS
5.5
EPSS Score
0.53%
Published
2017-04-24
Updated
2017-04-29
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
Max CVSS
6.5
EPSS Score
7.29%
Published
2016-04-13
Updated
2017-07-01
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
Max CVSS
6.5
EPSS Score
1.30%
Published
2016-04-13
Updated
2017-07-01
46 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!