English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2021.0389
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2021-0389)
Summary:The remote host is missing an update for the 'python-pillow' package(s) announced via the MGASA-2021-0389 advisory.
Description:Summary:
The remote host is missing an update for the 'python-pillow' package(s) announced via the MGASA-2021-0389 advisory.

Vulnerability Insight:
Updated python-pillow packages fix security vulnerabilities:

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds
read in J2kDecode, in j2ku_graya_la (CVE-2021-25287).

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds
read in J2kDecode, in j2ku_gray_i (CVE-2021-25288).

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile
lacked a sanity check on the number of input layers relative to the size of
the data block. This could lead to a DoS on Image.open prior to Image.load
(CVE-2021-28675).

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did
not properly check that the block advance was non-zero, potentially leading
to an infinite loop on load (CVE-2021-28676).

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline
implementation used in EPSImageFile has to deal with any combination of \r
and \n as line endings. It used an accidentally quadratic method of
accumulating lines while looking for a line ending. A malicious EPS file
could use this to perform a DoS of Pillow in the open phase, before an
image was accepted for opening (CVE-2021-28677).

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin
did not properly check that reads (after jumping to file offsets) returned
data. This could lead to a DoS where the decoder could be run a large number
of times on empty data (CVE-2021-28678).

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7
allow an attacker to pass controlled parameters directly into a convert
function to trigger a buffer overflow in Convert.c (CVE-2021-34552).

Affected Software/OS:
'python-pillow' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-25287
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://security.gentoo.org/glsa/202107-33
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
Common Vulnerability Exposure (CVE) ID: CVE-2021-25288
Common Vulnerability Exposure (CVE) ID: CVE-2021-28675
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
Common Vulnerability Exposure (CVE) ID: CVE-2021-28676
https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
https://github.com/python-pillow/Pillow/pull/5377
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-28677
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
Common Vulnerability Exposure (CVE) ID: CVE-2021-28678
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
Common Vulnerability Exposure (CVE) ID: CVE-2021-34552
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
https://security.gentoo.org/glsa/202211-10
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.