In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1134-1 advisory.

  - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)

  - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the     user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)

  - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files     because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)

  - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image     files because offsets and length tables are mishandled. (CVE-2020-35655)

  - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding     crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this     issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)

  - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an     invalid size. (CVE-2021-25290)

  - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in     TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)

  - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)     attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)

  - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
    (CVE-2021-25293)

  - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the     reported size of a contained image is not properly checked for a BLP container, and thus an attempted     memory allocation can be very large. (CVE-2021-27921)

  - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the     reported size of a contained image is not properly checked for an ICNS container, and thus an attempted     memory allocation can be very large. (CVE-2021-27922)

  - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the     reported size of a contained image is not properly checked for an ICO container, and thus an attempted     memory allocation can be very large. (CVE-2021-27923)

  - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass     controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
    (CVE-2021-34552)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 32 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-0ece308612 advisory.

  - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files     because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)

  - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding     crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this     issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)

  - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an     invalid size. (CVE-2021-25290)

  - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in     TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)

  - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)     attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)

  - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
    (CVE-2021-25293)

  - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the     reported size of a contained image is not properly checked for a BLP container, and thus an attempted     memory allocation can be very large. (CVE-2021-27921)

  - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the     reported size of a contained image is not properly checked for an ICNS container, and thus an attempted     memory allocation can be very large. (CVE-2021-27922)

  - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the     reported size of a contained image is not properly checked for an ICO container, and thus an attempted     memory allocation can be very large. (CVE-2021-27923)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-15845d3abe advisory.

  - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files     because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)

  - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding     crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this     issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)

  - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an     invalid size. (CVE-2021-25290)

  - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in     TiffreadRGBATile via invalid tile boundaries. (CVE-2021-25291)

  - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS)     attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)

  - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
    (CVE-2021-25293)

  - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the     reported size of a contained image is not properly checked for a BLP container, and thus an attempted     memory allocation can be very large. (CVE-2021-27921)

  - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the     reported size of a contained image is not properly checked for an ICNS container, and thus an attempted     memory allocation can be very large. (CVE-2021-27922)

  - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the     reported size of a contained image is not properly checked for an ICO container, and thus an attempted     memory allocation can be very large. (CVE-2021-27923)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-880aa7bd27 advisory.

  - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the     user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)

  - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files     because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)

  - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image     files because offsets and length tables are mishandled. (CVE-2020-35655)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-a8ddc1ce70 advisory.

  - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the     user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)

  - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files     because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)

  - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image     files because offsets and length tables are mishandled. (CVE-2020-35655)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4697-1 advisory.

  - In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the     user-supplied stride value is trusted for buffer calculations. (CVE-2020-35653)

  - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files     because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)

  - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image     files because offsets and length tables are mishandled. (CVE-2020-35655)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202101-08 (Pillow: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Pillow. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
152473	openSUSE 15 Security Update : python-CairoSVG, python-Pillow (openSUSE-SU-2021:1134-1)	Nessus	SuSE Local Security Checks	critical
147777	Fedora 32 : python-pillow / python2-pillow (2021-0ece308612)	Nessus	Fedora Local Security Checks	critical
147773	Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)	Nessus	Fedora Local Security Checks	critical
145337	Fedora 32 : python-pillow (2021-880aa7bd27)	Nessus	Fedora Local Security Checks	high
145235	Fedora 33 : mingw-python-pillow / python-pillow (2021-a8ddc1ce70)	Nessus	Fedora Local Security Checks	high
145048	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Pillow vulnerabilities (USN-4697-1)	Nessus	Ubuntu Local Security Checks	high
144867	GLSA-202101-08 : Pillow: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high

Detections

Analytics

CVE-2020-35654

high

Tenable Plugins

critical

critical

critical

high

high

high

high