Security
Headlines

Headlines Latest CVEs

Headline

GHSA-hr8g-f6r6-mr22: Buffer over-flow in Pillow

When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow.

Opening an image with a zero or negative height has been found to bypass a decompression bomb check. This will now raise a SyntaxError instead, in turn raising a PIL.UnidentifiedImageError.

2 years ago

#vulnerability #git #buffer_overflow

Buffer over-flow in Pillow

High severity GitHub Reviewed Published May 26, 2022 • Updated Jun 1, 2022

Related news

CVE-2022-30595: 9.1.1

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

2 years ago

#vulnerability #buffer_overflow

ghsa: Latest News

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

4 hours ago

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

4 hours ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

4 hours ago

GHSA-m52v-24p8-654f: SurrealDB has an Uncaught Exception Sorting Tables by Random Order

4 hours ago

GHSA-jc55-246c-r88f: SurrealDB has an Uncaught Exception Handling Nonexistent Role

4 hours ago