There are 9 open security issues in buster.
6 issues left for the package maintainer to handle:
- CVE-2020-35653:
(needs triaging)
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
- CVE-2020-35655:
(needs triaging)
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
- CVE-2021-25290:
(needs triaging)
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
- CVE-2021-25291:
(needs triaging)
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
- CVE-2021-25292:
(needs triaging)
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
- CVE-2021-25293:
(needs triaging)
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
You can find information about how to handle these issues in the security team's documentation.
3 ignored issues:
- CVE-2021-27921:
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
- CVE-2021-27922:
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
- CVE-2021-27923:
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.