Bugs fixes in "pillow"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 2022-01-13 |
| CVE | CVE-2021-34552 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert funct | 2022-01-13 |
| CVE | CVE-2021-23437 | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | 2022-01-13 |
| CVE | CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. | 2022-01-13 |
| CVE | CVE-2022-22816 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | 2022-01-13 |
| CVE | CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 2022-01-13 |
| CVE | CVE-2021-34552 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert funct | 2022-01-13 |
| CVE | CVE-2021-23437 | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | 2022-01-13 |
| CVE | CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. | 2022-01-13 |
| CVE | CVE-2022-22816 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | 2022-01-13 |
| CVE | CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 2022-01-13 |
| CVE | CVE-2021-34552 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert funct | 2022-01-13 |
| CVE | CVE-2021-23437 | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | 2022-01-13 |
| CVE | CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. | 2022-01-13 |
| CVE | CVE-2022-22816 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | 2022-01-13 |
| CVE | CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 2022-01-13 |
| CVE | CVE-2021-34552 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert funct | 2022-01-13 |
| CVE | CVE-2021-23437 | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | 2022-01-13 |
| CVE | CVE-2021-27923 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly | 2021-03-11 |
| CVE | CVE-2021-27922 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly | 2021-03-11 |
About
-
Send Feedback to @ubuntu_updates
