Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-23437
Vulnerability from cvelistv5
Published
2021-09-03 16:10
Modified
2024-09-16 20:47
Severity ?
EPSS score ?
Summary
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:05:56.128Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", }, { tags: [ "x_transferred", ], url: "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", }, { tags: [ "x_transferred", ], url: "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", }, { name: "FEDORA-2021-9f020cf155", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/", }, { name: "FEDORA-2021-cbfaefb390", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/", }, { name: "GLSA-202211-10", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202211-10", }, { name: "[debian-lts-announce] 20240322 [SECURITY] [DLA 3768-1] pillow security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Pillow", vendor: "n/a", versions: [ { lessThan: "unspecified", status: "affected", version: "0", versionType: "custom", }, { lessThan: "8.3.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Liyuan Chen", }, ], datePublic: "2021-09-03T00:00:00", descriptions: [ { lang: "en", value: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Regular Expression Denial of Service (ReDoS)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-22T11:05:54.063599", orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", shortName: "snyk", }, references: [ { url: "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", }, { url: "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", }, { url: "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", }, { name: "FEDORA-2021-9f020cf155", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/", }, { name: "FEDORA-2021-cbfaefb390", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/", }, { name: "GLSA-202211-10", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202211-10", }, { name: "[debian-lts-announce] 20240322 [SECURITY] [DLA 3768-1] pillow security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html", }, ], title: "Regular Expression Denial of Service (ReDoS)", }, }, cveMetadata: { assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", assignerShortName: "snyk", cveId: "CVE-2021-23437", datePublished: "2021-09-03T16:10:10.293816Z", dateReserved: "2021-01-08T00:00:00", dateUpdated: "2024-09-16T20:47:41.102Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-23437\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2021-09-03T16:15:08.317\",\"lastModified\":\"2024-11-21T05:51:45.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.\"},{\"lang\":\"es\",\"value\":\"El paquete pillow versiones desde la versión 5.2.0 y anteriores a 8.3.2, son vulnerables a una Denegación de Servicio por Expresión Regular (ReDoS) por medio de la función getrgb\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2.0\",\"versionEndExcluding\":\"8.3.2\",\"matchCriteriaId\":\"F410ECFC-A2CC-41AD-965A-83B3FAE74EB2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202211-10\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202211-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Release Notes\",\"Third Party Advisory\"]}]}}", }, }
suse-su-2021:3235-1
Vulnerability from csaf_suse
Published
2021-09-27 14:36
Modified
2021-09-27 14:36
Summary
Security update for python-Pillow
Notes
Title of the patch
Security update for python-Pillow
Description of the patch
This update for python-Pillow fixes the following issues:
- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).
Patchnames
SUSE-2021-3235,SUSE-OpenStack-Cloud-9-2021-3235,SUSE-OpenStack-Cloud-Crowbar-9-2021-3235
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for python-Pillow", title: "Title of the patch", }, { category: "description", text: "This update for python-Pillow fixes the following issues:\n\n- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-3235,SUSE-OpenStack-Cloud-9-2021-3235,SUSE-OpenStack-Cloud-Crowbar-9-2021-3235", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3235-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:3235-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20213235-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:3235-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009514.html", }, { category: "self", summary: "SUSE Bug 1190229", url: "https://bugzilla.suse.com/1190229", }, { category: "self", summary: "SUSE CVE CVE-2021-23437 page", url: "https://www.suse.com/security/cve/CVE-2021-23437/", }, ], title: "Security update for python-Pillow", tracking: { current_release_date: "2021-09-27T14:36:47Z", generator: { date: "2021-09-27T14:36:47Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:3235-1", initial_release_date: "2021-09-27T14:36:47Z", revision_history: [ { date: "2021-09-27T14:36:47Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python-Pillow-5.2.0-3.14.1.aarch64", product: { name: "python-Pillow-5.2.0-3.14.1.aarch64", product_id: "python-Pillow-5.2.0-3.14.1.aarch64", }, }, { category: "product_version", name: "python3-Pillow-5.2.0-3.14.1.aarch64", product: { name: "python3-Pillow-5.2.0-3.14.1.aarch64", product_id: "python3-Pillow-5.2.0-3.14.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python-Pillow-5.2.0-3.14.1.ppc64le", product: { name: "python-Pillow-5.2.0-3.14.1.ppc64le", product_id: "python-Pillow-5.2.0-3.14.1.ppc64le", }, }, { category: "product_version", name: "python3-Pillow-5.2.0-3.14.1.ppc64le", product: { name: "python3-Pillow-5.2.0-3.14.1.ppc64le", product_id: "python3-Pillow-5.2.0-3.14.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python-Pillow-5.2.0-3.14.1.s390x", product: { name: "python-Pillow-5.2.0-3.14.1.s390x", product_id: "python-Pillow-5.2.0-3.14.1.s390x", }, }, { category: "product_version", name: "python3-Pillow-5.2.0-3.14.1.s390x", product: { name: "python3-Pillow-5.2.0-3.14.1.s390x", product_id: "python3-Pillow-5.2.0-3.14.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python-Pillow-5.2.0-3.14.1.x86_64", product: { name: "python-Pillow-5.2.0-3.14.1.x86_64", product_id: "python-Pillow-5.2.0-3.14.1.x86_64", }, }, { category: "product_version", name: "python3-Pillow-5.2.0-3.14.1.x86_64", product: { name: "python3-Pillow-5.2.0-3.14.1.x86_64", product_id: "python3-Pillow-5.2.0-3.14.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE OpenStack Cloud 9", product: { name: "SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:9", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 9", product: { name: "SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:9", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python-Pillow-5.2.0-3.14.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.14.1.x86_64", }, product_reference: "python-Pillow-5.2.0-3.14.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "python-Pillow-5.2.0-3.14.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.14.1.x86_64", }, product_reference: "python-Pillow-5.2.0-3.14.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23437", }, ], notes: [ { category: "general", text: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.14.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23437", url: "https://www.suse.com/security/cve/CVE-2021-23437", }, { category: "external", summary: "SUSE Bug 1190229 for CVE-2021-23437", url: "https://bugzilla.suse.com/1190229", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.14.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.14.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-09-27T14:36:47Z", details: "important", }, ], title: "CVE-2021-23437", }, ], }
suse-su-2024:1673-2
Vulnerability from csaf_suse
Published
2024-06-13 09:22
Modified
2024-06-13 09:22
Summary
Security update for python-Pillow
Notes
Title of the patch
Security update for python-Pillow
Description of the patch
This update for python-Pillow fixes the following issues:
- Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816)
- Use snprintf instead of sprintf (bsc#1188574, CVE-2021-34552)
- Fix Memory DOS in Icns, Ico and Blp Image Plugins. (bsc#1183110, CVE-2021-27921, bsc#1183108, CVE-2021-27922, bsc#1183107, CVE-2021-27923)
- Fix OOB read in SgiRleDecode.c (bsc#1183102, CVE-2021-25293)
- Use more specific regex chars to prevent ReDoS (bsc#1183101, CVE-2021-25292)
- Fix negative size read in TiffDecode.c (bsc#1183105, CVE-2021-25290)
- Raise ValueError if color specifier is too long (bsc#1190229, CVE-2021-23437)
- Incorrect error code checking in TiffDecode.c (bsc#1183103, CVE-2021-25289)
- OOB Write in TiffDecode.c (bsc#1180833, CVE-2020-35654)
Patchnames
SUSE-2024-1673,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1673
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for python-Pillow", title: "Title of the patch", }, { category: "description", text: "This update for python-Pillow fixes the following issues:\n\n- Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816)\n- Use snprintf instead of sprintf (bsc#1188574, CVE-2021-34552)\n- Fix Memory DOS in Icns, Ico and Blp Image Plugins. (bsc#1183110, CVE-2021-27921, bsc#1183108, CVE-2021-27922, bsc#1183107, CVE-2021-27923)\n- Fix OOB read in SgiRleDecode.c (bsc#1183102, CVE-2021-25293)\n- Use more specific regex chars to prevent ReDoS (bsc#1183101, CVE-2021-25292)\n- Fix negative size read in TiffDecode.c (bsc#1183105, CVE-2021-25290)\n- Raise ValueError if color specifier is too long (bsc#1190229, CVE-2021-23437)\n- Incorrect error code checking in TiffDecode.c (bsc#1183103, CVE-2021-25289)\n- OOB Write in TiffDecode.c (bsc#1180833, CVE-2020-35654)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-1673,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1673", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1673-2.json", }, { category: "self", summary: "URL for SUSE-SU-2024:1673-2", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20241673-2/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:1673-2", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018714.html", }, { category: "self", summary: "SUSE Bug 1180833", url: "https://bugzilla.suse.com/1180833", }, { category: "self", summary: "SUSE Bug 1183101", url: "https://bugzilla.suse.com/1183101", }, { category: "self", summary: "SUSE Bug 1183102", url: "https://bugzilla.suse.com/1183102", }, { category: "self", summary: "SUSE Bug 1183103", url: "https://bugzilla.suse.com/1183103", }, { category: "self", summary: "SUSE Bug 1183105", url: "https://bugzilla.suse.com/1183105", }, { category: "self", summary: "SUSE Bug 1183107", url: "https://bugzilla.suse.com/1183107", }, { category: "self", summary: "SUSE Bug 1183108", url: "https://bugzilla.suse.com/1183108", }, { category: "self", summary: "SUSE Bug 1183110", url: "https://bugzilla.suse.com/1183110", }, { category: "self", summary: "SUSE Bug 1188574", url: "https://bugzilla.suse.com/1188574", }, { category: "self", summary: "SUSE Bug 1190229", url: "https://bugzilla.suse.com/1190229", }, { category: "self", summary: "SUSE Bug 1194551", url: "https://bugzilla.suse.com/1194551", }, { category: "self", summary: "SUSE Bug 1194552", url: "https://bugzilla.suse.com/1194552", }, { category: "self", summary: "SUSE CVE CVE-2020-35654 page", url: "https://www.suse.com/security/cve/CVE-2020-35654/", }, { category: "self", summary: "SUSE CVE CVE-2021-23437 page", url: "https://www.suse.com/security/cve/CVE-2021-23437/", }, { category: "self", summary: "SUSE CVE CVE-2021-25289 page", url: "https://www.suse.com/security/cve/CVE-2021-25289/", }, { category: "self", summary: "SUSE CVE CVE-2021-25290 page", url: "https://www.suse.com/security/cve/CVE-2021-25290/", }, { category: "self", summary: "SUSE CVE CVE-2021-25292 page", url: "https://www.suse.com/security/cve/CVE-2021-25292/", }, { category: "self", summary: "SUSE CVE CVE-2021-25293 page", url: "https://www.suse.com/security/cve/CVE-2021-25293/", }, { category: "self", summary: "SUSE CVE CVE-2021-27921 page", url: "https://www.suse.com/security/cve/CVE-2021-27921/", }, { category: "self", summary: "SUSE CVE CVE-2021-27922 page", url: "https://www.suse.com/security/cve/CVE-2021-27922/", }, { category: "self", summary: "SUSE CVE CVE-2021-27923 page", url: "https://www.suse.com/security/cve/CVE-2021-27923/", }, { category: "self", summary: "SUSE CVE CVE-2021-34552 page", url: "https://www.suse.com/security/cve/CVE-2021-34552/", }, { category: "self", summary: "SUSE CVE CVE-2022-22815 page", url: "https://www.suse.com/security/cve/CVE-2022-22815/", }, { category: "self", summary: "SUSE CVE CVE-2022-22816 page", url: "https://www.suse.com/security/cve/CVE-2022-22816/", }, ], title: "Security update for python-Pillow", tracking: { current_release_date: "2024-06-13T09:22:50Z", generator: { date: "2024-06-13T09:22:50Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:1673-2", initial_release_date: "2024-06-13T09:22:50Z", revision_history: [ { date: "2024-06-13T09:22:50Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.aarch64", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.aarch64", product_id: "python3-Pillow-7.2.0-150300.3.15.1.aarch64", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.i586", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.i586", product_id: "python3-Pillow-7.2.0-150300.3.15.1.i586", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.i586", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.i586", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le", product_id: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.s390x", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.s390x", product_id: "python3-Pillow-7.2.0-150300.3.15.1.s390x", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.x86_64", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.x86_64", product_id: "python3-Pillow-7.2.0-150300.3.15.1.x86_64", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product: { name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:15:sp6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python3-Pillow-7.2.0-150300.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", }, product_reference: "python3-Pillow-7.2.0-150300.3.15.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", }, product_reference: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-7.2.0-150300.3.15.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", }, product_reference: "python3-Pillow-7.2.0-150300.3.15.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-7.2.0-150300.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", }, product_reference: "python3-Pillow-7.2.0-150300.3.15.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-35654", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35654", }, ], notes: [ { category: "general", text: "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35654", url: "https://www.suse.com/security/cve/CVE-2020-35654", }, { category: "external", summary: "SUSE Bug 1180833 for CVE-2020-35654", url: "https://bugzilla.suse.com/1180833", }, { category: "external", summary: "SUSE Bug 1183103 for CVE-2020-35654", url: "https://bugzilla.suse.com/1183103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "important", }, ], title: "CVE-2020-35654", }, { cve: "CVE-2021-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23437", }, ], notes: [ { category: "general", text: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23437", url: "https://www.suse.com/security/cve/CVE-2021-23437", }, { category: "external", summary: "SUSE Bug 1190229 for CVE-2021-23437", url: "https://bugzilla.suse.com/1190229", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "important", }, ], title: "CVE-2021-23437", }, { cve: "CVE-2021-25289", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25289", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25289", url: "https://www.suse.com/security/cve/CVE-2021-25289", }, { category: "external", summary: "SUSE Bug 1183103 for CVE-2021-25289", url: "https://bugzilla.suse.com/1183103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "critical", }, ], title: "CVE-2021-25289", }, { cve: "CVE-2021-25290", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25290", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25290", url: "https://www.suse.com/security/cve/CVE-2021-25290", }, { category: "external", summary: "SUSE Bug 1183105 for CVE-2021-25290", url: "https://bugzilla.suse.com/1183105", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "important", }, ], title: "CVE-2021-25290", }, { cve: "CVE-2021-25292", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25292", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25292", url: "https://www.suse.com/security/cve/CVE-2021-25292", }, { category: "external", summary: "SUSE Bug 1183101 for CVE-2021-25292", url: "https://bugzilla.suse.com/1183101", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "important", }, ], title: "CVE-2021-25292", }, { cve: "CVE-2021-25293", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25293", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25293", url: "https://www.suse.com/security/cve/CVE-2021-25293", }, { category: "external", summary: "SUSE Bug 1183102 for CVE-2021-25293", url: "https://bugzilla.suse.com/1183102", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "important", }, ], title: "CVE-2021-25293", }, { cve: "CVE-2021-27921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27921", }, ], notes: [ { category: "general", text: "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27921", url: "https://www.suse.com/security/cve/CVE-2021-27921", }, { category: "external", summary: "SUSE Bug 1183110 for CVE-2021-27921", url: "https://bugzilla.suse.com/1183110", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "important", }, ], title: "CVE-2021-27921", }, { cve: "CVE-2021-27922", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27922", }, ], notes: [ { category: "general", text: "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27922", url: "https://www.suse.com/security/cve/CVE-2021-27922", }, { category: "external", summary: "SUSE Bug 1183108 for CVE-2021-27922", url: "https://bugzilla.suse.com/1183108", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "important", }, ], title: "CVE-2021-27922", }, { cve: "CVE-2021-27923", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27923", }, ], notes: [ { category: "general", text: "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27923", url: "https://www.suse.com/security/cve/CVE-2021-27923", }, { category: "external", summary: "SUSE Bug 1183107 for CVE-2021-27923", url: "https://bugzilla.suse.com/1183107", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "important", }, ], title: "CVE-2021-27923", }, { cve: "CVE-2021-34552", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-34552", }, ], notes: [ { category: "general", text: "Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-34552", url: "https://www.suse.com/security/cve/CVE-2021-34552", }, { category: "external", summary: "SUSE Bug 1188574 for CVE-2021-34552", url: "https://bugzilla.suse.com/1188574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "important", }, ], title: "CVE-2021-34552", }, { cve: "CVE-2022-22815", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-22815", }, ], notes: [ { category: "general", text: "path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-22815", url: "https://www.suse.com/security/cve/CVE-2022-22815", }, { category: "external", summary: "SUSE Bug 1194552 for CVE-2022-22815", url: "https://bugzilla.suse.com/1194552", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "low", }, ], title: "CVE-2022-22815", }, { cve: "CVE-2022-22816", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-22816", }, ], notes: [ { category: "general", text: "path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-22816", url: "https://www.suse.com/security/cve/CVE-2022-22816", }, { category: "external", summary: "SUSE Bug 1194551 for CVE-2022-22816", url: "https://bugzilla.suse.com/1194551", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:python3-Pillow-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-13T09:22:50Z", details: "low", }, ], title: "CVE-2022-22816", }, ], }
suse-su-2024:1673-1
Vulnerability from csaf_suse
Published
2024-05-17 07:30
Modified
2024-05-17 07:30
Summary
Security update for python-Pillow
Notes
Title of the patch
Security update for python-Pillow
Description of the patch
This update for python-Pillow fixes the following issues:
- Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816)
- Use snprintf instead of sprintf (bsc#1188574, CVE-2021-34552)
- Fix Memory DOS in Icns, Ico and Blp Image Plugins. (bsc#1183110, CVE-2021-27921, bsc#1183108, CVE-2021-27922, bsc#1183107, CVE-2021-27923)
- Fix OOB read in SgiRleDecode.c (bsc#1183102, CVE-2021-25293)
- Use more specific regex chars to prevent ReDoS (bsc#1183101, CVE-2021-25292)
- Fix negative size read in TiffDecode.c (bsc#1183105, CVE-2021-25290)
- Raise ValueError if color specifier is too long (bsc#1190229, CVE-2021-23437)
- Incorrect error code checking in TiffDecode.c (bsc#1183103, CVE-2021-25289)
- OOB Write in TiffDecode.c (bsc#1180833, CVE-2020-35654)
Patchnames
SUSE-2024-1673,openSUSE-SLE-15.5-2024-1673
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for python-Pillow", title: "Title of the patch", }, { category: "description", text: "This update for python-Pillow fixes the following issues:\n\n- Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816)\n- Use snprintf instead of sprintf (bsc#1188574, CVE-2021-34552)\n- Fix Memory DOS in Icns, Ico and Blp Image Plugins. (bsc#1183110, CVE-2021-27921, bsc#1183108, CVE-2021-27922, bsc#1183107, CVE-2021-27923)\n- Fix OOB read in SgiRleDecode.c (bsc#1183102, CVE-2021-25293)\n- Use more specific regex chars to prevent ReDoS (bsc#1183101, CVE-2021-25292)\n- Fix negative size read in TiffDecode.c (bsc#1183105, CVE-2021-25290)\n- Raise ValueError if color specifier is too long (bsc#1190229, CVE-2021-23437)\n- Incorrect error code checking in TiffDecode.c (bsc#1183103, CVE-2021-25289)\n- OOB Write in TiffDecode.c (bsc#1180833, CVE-2020-35654)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-1673,openSUSE-SLE-15.5-2024-1673", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1673-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:1673-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20241673-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:1673-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018541.html", }, { category: "self", summary: "SUSE Bug 1180833", url: "https://bugzilla.suse.com/1180833", }, { category: "self", summary: "SUSE Bug 1183101", url: "https://bugzilla.suse.com/1183101", }, { category: "self", summary: "SUSE Bug 1183102", url: "https://bugzilla.suse.com/1183102", }, { category: "self", summary: "SUSE Bug 1183103", url: "https://bugzilla.suse.com/1183103", }, { category: "self", summary: "SUSE Bug 1183105", url: "https://bugzilla.suse.com/1183105", }, { category: "self", summary: "SUSE Bug 1183107", url: "https://bugzilla.suse.com/1183107", }, { category: "self", summary: "SUSE Bug 1183108", url: "https://bugzilla.suse.com/1183108", }, { category: "self", summary: "SUSE Bug 1183110", url: "https://bugzilla.suse.com/1183110", }, { category: "self", summary: "SUSE Bug 1188574", url: "https://bugzilla.suse.com/1188574", }, { category: "self", summary: "SUSE Bug 1190229", url: "https://bugzilla.suse.com/1190229", }, { category: "self", summary: "SUSE Bug 1194551", url: "https://bugzilla.suse.com/1194551", }, { category: "self", summary: "SUSE Bug 1194552", url: "https://bugzilla.suse.com/1194552", }, { category: "self", summary: "SUSE CVE CVE-2020-35654 page", url: "https://www.suse.com/security/cve/CVE-2020-35654/", }, { category: "self", summary: "SUSE CVE CVE-2021-23437 page", url: "https://www.suse.com/security/cve/CVE-2021-23437/", }, { category: "self", summary: "SUSE CVE CVE-2021-25289 page", url: "https://www.suse.com/security/cve/CVE-2021-25289/", }, { category: "self", summary: "SUSE CVE CVE-2021-25290 page", url: "https://www.suse.com/security/cve/CVE-2021-25290/", }, { category: "self", summary: "SUSE CVE CVE-2021-25292 page", url: "https://www.suse.com/security/cve/CVE-2021-25292/", }, { category: "self", summary: "SUSE CVE CVE-2021-25293 page", url: "https://www.suse.com/security/cve/CVE-2021-25293/", }, { category: "self", summary: "SUSE CVE CVE-2021-27921 page", url: "https://www.suse.com/security/cve/CVE-2021-27921/", }, { category: "self", summary: "SUSE CVE CVE-2021-27922 page", url: "https://www.suse.com/security/cve/CVE-2021-27922/", }, { category: "self", summary: "SUSE CVE CVE-2021-27923 page", url: "https://www.suse.com/security/cve/CVE-2021-27923/", }, { category: "self", summary: "SUSE CVE CVE-2021-34552 page", url: "https://www.suse.com/security/cve/CVE-2021-34552/", }, { category: "self", summary: "SUSE CVE CVE-2022-22815 page", url: "https://www.suse.com/security/cve/CVE-2022-22815/", }, { category: "self", summary: "SUSE CVE CVE-2022-22816 page", url: "https://www.suse.com/security/cve/CVE-2022-22816/", }, ], title: "Security update for python-Pillow", tracking: { current_release_date: "2024-05-17T07:30:17Z", generator: { date: "2024-05-17T07:30:17Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:1673-1", initial_release_date: "2024-05-17T07:30:17Z", revision_history: [ { date: "2024-05-17T07:30:17Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.aarch64", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.aarch64", product_id: "python3-Pillow-7.2.0-150300.3.15.1.aarch64", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.i586", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.i586", product_id: "python3-Pillow-7.2.0-150300.3.15.1.i586", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.i586", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.i586", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le", product_id: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.s390x", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.s390x", product_id: "python3-Pillow-7.2.0-150300.3.15.1.s390x", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python3-Pillow-7.2.0-150300.3.15.1.x86_64", product: { name: "python3-Pillow-7.2.0-150300.3.15.1.x86_64", product_id: "python3-Pillow-7.2.0-150300.3.15.1.x86_64", }, }, { category: "product_version", name: "python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", product: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", product_id: "python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python3-Pillow-7.2.0-150300.3.15.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", }, product_reference: "python3-Pillow-7.2.0-150300.3.15.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", }, product_reference: "python3-Pillow-7.2.0-150300.3.15.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-7.2.0-150300.3.15.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", }, product_reference: "python3-Pillow-7.2.0-150300.3.15.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-7.2.0-150300.3.15.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", }, product_reference: "python3-Pillow-7.2.0-150300.3.15.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", }, product_reference: "python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", }, product_reference: "python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", }, product_reference: "python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", }, product_reference: "python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2020-35654", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35654", }, ], notes: [ { category: "general", text: "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35654", url: "https://www.suse.com/security/cve/CVE-2020-35654", }, { category: "external", summary: "SUSE Bug 1180833 for CVE-2020-35654", url: "https://bugzilla.suse.com/1180833", }, { category: "external", summary: "SUSE Bug 1183103 for CVE-2020-35654", url: "https://bugzilla.suse.com/1183103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "important", }, ], title: "CVE-2020-35654", }, { cve: "CVE-2021-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23437", }, ], notes: [ { category: "general", text: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23437", url: "https://www.suse.com/security/cve/CVE-2021-23437", }, { category: "external", summary: "SUSE Bug 1190229 for CVE-2021-23437", url: "https://bugzilla.suse.com/1190229", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "important", }, ], title: "CVE-2021-23437", }, { cve: "CVE-2021-25289", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25289", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25289", url: "https://www.suse.com/security/cve/CVE-2021-25289", }, { category: "external", summary: "SUSE Bug 1183103 for CVE-2021-25289", url: "https://bugzilla.suse.com/1183103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "critical", }, ], title: "CVE-2021-25289", }, { cve: "CVE-2021-25290", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25290", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25290", url: "https://www.suse.com/security/cve/CVE-2021-25290", }, { category: "external", summary: "SUSE Bug 1183105 for CVE-2021-25290", url: "https://bugzilla.suse.com/1183105", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "important", }, ], title: "CVE-2021-25290", }, { cve: "CVE-2021-25292", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25292", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25292", url: "https://www.suse.com/security/cve/CVE-2021-25292", }, { category: "external", summary: "SUSE Bug 1183101 for CVE-2021-25292", url: "https://bugzilla.suse.com/1183101", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "important", }, ], title: "CVE-2021-25292", }, { cve: "CVE-2021-25293", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25293", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25293", url: "https://www.suse.com/security/cve/CVE-2021-25293", }, { category: "external", summary: "SUSE Bug 1183102 for CVE-2021-25293", url: "https://bugzilla.suse.com/1183102", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "important", }, ], title: "CVE-2021-25293", }, { cve: "CVE-2021-27921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27921", }, ], notes: [ { category: "general", text: "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27921", url: "https://www.suse.com/security/cve/CVE-2021-27921", }, { category: "external", summary: "SUSE Bug 1183110 for CVE-2021-27921", url: "https://bugzilla.suse.com/1183110", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "important", }, ], title: "CVE-2021-27921", }, { cve: "CVE-2021-27922", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27922", }, ], notes: [ { category: "general", text: "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27922", url: "https://www.suse.com/security/cve/CVE-2021-27922", }, { category: "external", summary: "SUSE Bug 1183108 for CVE-2021-27922", url: "https://bugzilla.suse.com/1183108", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "important", }, ], title: "CVE-2021-27922", }, { cve: "CVE-2021-27923", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27923", }, ], notes: [ { category: "general", text: "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27923", url: "https://www.suse.com/security/cve/CVE-2021-27923", }, { category: "external", summary: "SUSE Bug 1183107 for CVE-2021-27923", url: "https://bugzilla.suse.com/1183107", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "important", }, ], title: "CVE-2021-27923", }, { cve: "CVE-2021-34552", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-34552", }, ], notes: [ { category: "general", text: "Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-34552", url: "https://www.suse.com/security/cve/CVE-2021-34552", }, { category: "external", summary: "SUSE Bug 1188574 for CVE-2021-34552", url: "https://bugzilla.suse.com/1188574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "important", }, ], title: "CVE-2021-34552", }, { cve: "CVE-2022-22815", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-22815", }, ], notes: [ { category: "general", text: "path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-22815", url: "https://www.suse.com/security/cve/CVE-2022-22815", }, { category: "external", summary: "SUSE Bug 1194552 for CVE-2022-22815", url: "https://bugzilla.suse.com/1194552", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "low", }, ], title: "CVE-2022-22815", }, { cve: "CVE-2022-22816", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-22816", }, ], notes: [ { category: "general", text: "path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-22816", url: "https://www.suse.com/security/cve/CVE-2022-22816", }, { category: "external", summary: "SUSE Bug 1194551 for CVE-2022-22816", url: "https://bugzilla.suse.com/1194551", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.15.1.x86_64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.aarch64", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.ppc64le", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.s390x", "openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-17T07:30:17Z", details: "low", }, ], title: "CVE-2022-22816", }, ], }
suse-su-2021:3234-1
Vulnerability from csaf_suse
Published
2021-09-27 14:36
Modified
2021-09-27 14:36
Summary
Security update for python-Pillow
Notes
Title of the patch
Security update for python-Pillow
Description of the patch
This update for python-Pillow fixes the following issues:
- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).
Patchnames
HPE-Helion-OpenStack-8-2021-3234,SUSE-2021-3234,SUSE-OpenStack-Cloud-8-2021-3234,SUSE-OpenStack-Cloud-Crowbar-8-2021-3234
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for python-Pillow", title: "Title of the patch", }, { category: "description", text: "This update for python-Pillow fixes the following issues:\n\n- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).\n", title: "Description of the patch", }, { category: "details", text: "HPE-Helion-OpenStack-8-2021-3234,SUSE-2021-3234,SUSE-OpenStack-Cloud-8-2021-3234,SUSE-OpenStack-Cloud-Crowbar-8-2021-3234", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3234-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:3234-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20213234-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:3234-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009513.html", }, { category: "self", summary: "SUSE Bug 1190229", url: "https://bugzilla.suse.com/1190229", }, { category: "self", summary: "SUSE CVE CVE-2021-23437 page", url: "https://www.suse.com/security/cve/CVE-2021-23437/", }, ], title: "Security update for python-Pillow", tracking: { current_release_date: "2021-09-27T14:36:34Z", generator: { date: "2021-09-27T14:36:34Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:3234-1", initial_release_date: "2021-09-27T14:36:34Z", revision_history: [ { date: "2021-09-27T14:36:34Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python-Pillow-4.2.1-3.20.2.aarch64", product: { name: "python-Pillow-4.2.1-3.20.2.aarch64", product_id: "python-Pillow-4.2.1-3.20.2.aarch64", }, }, { category: "product_version", name: "python3-Pillow-4.2.1-3.20.2.aarch64", product: { name: "python3-Pillow-4.2.1-3.20.2.aarch64", product_id: "python3-Pillow-4.2.1-3.20.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python-Pillow-4.2.1-3.20.2.ppc64le", product: { name: "python-Pillow-4.2.1-3.20.2.ppc64le", product_id: "python-Pillow-4.2.1-3.20.2.ppc64le", }, }, { category: "product_version", name: "python3-Pillow-4.2.1-3.20.2.ppc64le", product: { name: "python3-Pillow-4.2.1-3.20.2.ppc64le", product_id: "python3-Pillow-4.2.1-3.20.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python-Pillow-4.2.1-3.20.2.s390x", product: { name: "python-Pillow-4.2.1-3.20.2.s390x", product_id: "python-Pillow-4.2.1-3.20.2.s390x", }, }, { category: "product_version", name: "python3-Pillow-4.2.1-3.20.2.s390x", product: { name: "python3-Pillow-4.2.1-3.20.2.s390x", product_id: "python3-Pillow-4.2.1-3.20.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python-Pillow-4.2.1-3.20.2.x86_64", product: { name: "python-Pillow-4.2.1-3.20.2.x86_64", product_id: "python-Pillow-4.2.1-3.20.2.x86_64", }, }, { category: "product_version", name: "python3-Pillow-4.2.1-3.20.2.x86_64", product: { name: "python3-Pillow-4.2.1-3.20.2.x86_64", product_id: "python3-Pillow-4.2.1-3.20.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "HPE Helion OpenStack 8", product: { name: "HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8", product_identification_helper: { cpe: "cpe:/o:suse:hpe-helion-openstack:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 8", product: { name: "SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 8", product: { name: "SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:8", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python-Pillow-4.2.1-3.20.2.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.20.2.x86_64", }, product_reference: "python-Pillow-4.2.1-3.20.2.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "python-Pillow-4.2.1-3.20.2.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.20.2.x86_64", }, product_reference: "python-Pillow-4.2.1-3.20.2.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "python-Pillow-4.2.1-3.20.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.20.2.x86_64", }, product_reference: "python-Pillow-4.2.1-3.20.2.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23437", }, ], notes: [ { category: "general", text: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.20.2.x86_64", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.20.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.20.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23437", url: "https://www.suse.com/security/cve/CVE-2021-23437", }, { category: "external", summary: "SUSE Bug 1190229 for CVE-2021-23437", url: "https://bugzilla.suse.com/1190229", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.20.2.x86_64", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.20.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.20.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.20.2.x86_64", "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.20.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.20.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-09-27T14:36:34Z", details: "important", }, ], title: "CVE-2021-23437", }, ], }
fkie_cve-2021-23437
Vulnerability from fkie_nvd
Published
2021-09-03 16:15
Modified
2024-11-21 05:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| python | pillow | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*", matchCriteriaId: "F410ECFC-A2CC-41AD-965A-83B3FAE74EB2", versionEndExcluding: "8.3.2", versionStartIncluding: "5.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", }, { lang: "es", value: "El paquete pillow versiones desde la versión 5.2.0 y anteriores a 8.3.2, son vulnerables a una Denegación de Servicio por Expresión Regular (ReDoS) por medio de la función getrgb", }, ], id: "CVE-2021-23437", lastModified: "2024-11-21T05:51:45.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "report@snyk.io", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-03T16:15:08.317", references: [ { source: "report@snyk.io", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", }, { source: "report@snyk.io", url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html", }, { source: "report@snyk.io", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/", }, { source: "report@snyk.io", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/", }, { source: "report@snyk.io", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", }, { source: "report@snyk.io", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202211-10", }, { source: "report@snyk.io", tags: [ "Exploit", "Patch", "Release Notes", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202211-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Release Notes", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", }, ], sourceIdentifier: "report@snyk.io", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2021-23437
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Aliases
Aliases
{ GSD: { alias: "CVE-2021-23437", description: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", id: "GSD-2021-23437", references: [ "https://www.suse.com/security/cve/CVE-2021-23437.html", "https://ubuntu.com/security/CVE-2021-23437", "https://advisories.mageia.org/CVE-2021-23437.html", "https://security.archlinux.org/CVE-2021-23437", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-23437", ], details: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", id: "GSD-2021-23437", modified: "2023-12-13T01:23:30.314266Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "report@snyk.io", DATE_PUBLIC: "2021-09-03T16:10:00.232154Z", ID: "CVE-2021-23437", STATE: "PUBLIC", TITLE: "Regular Expression Denial of Service (ReDoS)", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Pillow", version: { version_data: [ { version_affected: ">=", version_value: "0", }, { version_affected: "<", version_value: "8.3.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, credit: [ { lang: "eng", value: "Liyuan Chen", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Regular Expression Denial of Service (ReDoS)", }, ], }, ], }, references: { reference_data: [ { name: "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", }, { name: "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", refsource: "MISC", url: "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", }, { name: "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", refsource: "MISC", url: "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", }, { name: "FEDORA-2021-9f020cf155", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/", }, { name: "FEDORA-2021-cbfaefb390", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/", }, { name: "GLSA-202211-10", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202211-10", }, { name: "[debian-lts-announce] 20240322 [SECURITY] [DLA 3768-1] pillow security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: ">=5.2.0,<8.3.2", affected_versions: "All versions starting from 5.2.0 before 8.3.2", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-125", "CWE-937", ], date: "2023-01-31", description: "The pillow package is vulnerable to Regular Expression Denial of Service (ReDoS) via the `getrgb` function.", fixed_versions: [ "8.3.2", ], identifier: "CVE-2021-23437", identifiers: [ "CVE-2021-23437", ], not_impacted: "All versions before 5.2.0, all versions starting from 8.3.2", package_slug: "pypi/Pillow", pubdate: "2021-09-03", solution: "Upgrade to version 8.3.2 or above.", title: "Out-of-bounds Read", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2021-23437", "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", ], uuid: "5db07fd2-101c-4794-a0f2-fabeb895b05e", }, ], }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*", matchCriteriaId: "F410ECFC-A2CC-41AD-965A-83B3FAE74EB2", versionEndExcluding: "8.3.2", versionStartIncluding: "5.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", }, { lang: "es", value: "El paquete pillow versiones desde la versión 5.2.0 y anteriores a 8.3.2, son vulnerables a una Denegación de Servicio por Expresión Regular (ReDoS) por medio de la función getrgb", }, ], id: "CVE-2021-23437", lastModified: "2024-03-22T11:15:45.353", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "report@snyk.io", type: "Secondary", }, ], }, published: "2021-09-03T16:15:08.317", references: [ { source: "report@snyk.io", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", }, { source: "report@snyk.io", url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html", }, { source: "report@snyk.io", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/", }, { source: "report@snyk.io", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/", }, { source: "report@snyk.io", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", }, { source: "report@snyk.io", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202211-10", }, { source: "report@snyk.io", tags: [ "Exploit", "Patch", "Release Notes", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", }, ], sourceIdentifier: "report@snyk.io", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }, }, }, }
opensuse-su-2024:13827-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python310-Pillow-10.3.0-1.1 on GA media
Notes
Title of the patch
python310-Pillow-10.3.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the python310-Pillow-10.3.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13827
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "python310-Pillow-10.3.0-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the python310-Pillow-10.3.0-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13827", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13827-1.json", }, { category: "self", summary: "SUSE CVE CVE-2014-3589 page", url: "https://www.suse.com/security/cve/CVE-2014-3589/", }, { category: "self", summary: "SUSE CVE CVE-2014-3598 page", url: "https://www.suse.com/security/cve/CVE-2014-3598/", }, { category: "self", summary: "SUSE CVE CVE-2016-0740 page", url: "https://www.suse.com/security/cve/CVE-2016-0740/", }, { category: "self", summary: "SUSE CVE CVE-2016-0775 page", url: "https://www.suse.com/security/cve/CVE-2016-0775/", }, { category: "self", summary: "SUSE CVE CVE-2016-3076 page", url: "https://www.suse.com/security/cve/CVE-2016-3076/", }, { category: "self", summary: "SUSE CVE CVE-2020-15999 page", url: "https://www.suse.com/security/cve/CVE-2020-15999/", }, { category: "self", summary: "SUSE CVE CVE-2020-35653 page", url: "https://www.suse.com/security/cve/CVE-2020-35653/", }, { category: "self", summary: "SUSE CVE CVE-2020-35654 page", url: "https://www.suse.com/security/cve/CVE-2020-35654/", }, { category: "self", summary: "SUSE CVE CVE-2020-35655 page", url: "https://www.suse.com/security/cve/CVE-2020-35655/", }, { category: "self", summary: "SUSE CVE CVE-2021-23437 page", url: "https://www.suse.com/security/cve/CVE-2021-23437/", }, { category: "self", summary: "SUSE CVE CVE-2021-25289 page", url: "https://www.suse.com/security/cve/CVE-2021-25289/", }, { category: "self", summary: "SUSE CVE CVE-2021-25290 page", url: "https://www.suse.com/security/cve/CVE-2021-25290/", }, { category: "self", summary: "SUSE CVE CVE-2021-25291 page", url: "https://www.suse.com/security/cve/CVE-2021-25291/", }, { category: "self", summary: "SUSE CVE CVE-2021-25292 page", url: "https://www.suse.com/security/cve/CVE-2021-25292/", }, { category: "self", summary: "SUSE CVE CVE-2021-25293 page", url: "https://www.suse.com/security/cve/CVE-2021-25293/", }, { category: "self", summary: "SUSE CVE CVE-2021-27921 page", url: "https://www.suse.com/security/cve/CVE-2021-27921/", }, { category: "self", summary: "SUSE CVE CVE-2021-34552 page", url: "https://www.suse.com/security/cve/CVE-2021-34552/", }, { category: "self", summary: "SUSE CVE CVE-2024-28219 page", url: "https://www.suse.com/security/cve/CVE-2024-28219/", }, ], title: "python310-Pillow-10.3.0-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13827-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python310-Pillow-10.3.0-1.1.aarch64", product: { name: "python310-Pillow-10.3.0-1.1.aarch64", product_id: "python310-Pillow-10.3.0-1.1.aarch64", }, }, { category: "product_version", name: "python310-Pillow-tk-10.3.0-1.1.aarch64", product: { name: "python310-Pillow-tk-10.3.0-1.1.aarch64", product_id: "python310-Pillow-tk-10.3.0-1.1.aarch64", }, }, { category: "product_version", name: "python311-Pillow-10.3.0-1.1.aarch64", product: { name: "python311-Pillow-10.3.0-1.1.aarch64", product_id: "python311-Pillow-10.3.0-1.1.aarch64", }, }, { category: "product_version", name: "python311-Pillow-tk-10.3.0-1.1.aarch64", product: { name: "python311-Pillow-tk-10.3.0-1.1.aarch64", product_id: "python311-Pillow-tk-10.3.0-1.1.aarch64", }, }, { category: "product_version", name: "python312-Pillow-10.3.0-1.1.aarch64", product: { name: "python312-Pillow-10.3.0-1.1.aarch64", product_id: "python312-Pillow-10.3.0-1.1.aarch64", }, }, { category: "product_version", name: "python312-Pillow-tk-10.3.0-1.1.aarch64", product: { name: "python312-Pillow-tk-10.3.0-1.1.aarch64", product_id: "python312-Pillow-tk-10.3.0-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python310-Pillow-10.3.0-1.1.ppc64le", product: { name: "python310-Pillow-10.3.0-1.1.ppc64le", product_id: "python310-Pillow-10.3.0-1.1.ppc64le", }, }, { category: "product_version", name: "python310-Pillow-tk-10.3.0-1.1.ppc64le", product: { name: "python310-Pillow-tk-10.3.0-1.1.ppc64le", product_id: "python310-Pillow-tk-10.3.0-1.1.ppc64le", }, }, { category: "product_version", name: "python311-Pillow-10.3.0-1.1.ppc64le", product: { name: "python311-Pillow-10.3.0-1.1.ppc64le", product_id: "python311-Pillow-10.3.0-1.1.ppc64le", }, }, { category: "product_version", name: "python311-Pillow-tk-10.3.0-1.1.ppc64le", product: { name: "python311-Pillow-tk-10.3.0-1.1.ppc64le", product_id: "python311-Pillow-tk-10.3.0-1.1.ppc64le", }, }, { category: "product_version", name: "python312-Pillow-10.3.0-1.1.ppc64le", product: { name: "python312-Pillow-10.3.0-1.1.ppc64le", product_id: "python312-Pillow-10.3.0-1.1.ppc64le", }, }, { category: "product_version", name: "python312-Pillow-tk-10.3.0-1.1.ppc64le", product: { name: "python312-Pillow-tk-10.3.0-1.1.ppc64le", product_id: "python312-Pillow-tk-10.3.0-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python310-Pillow-10.3.0-1.1.s390x", product: { name: "python310-Pillow-10.3.0-1.1.s390x", product_id: "python310-Pillow-10.3.0-1.1.s390x", }, }, { category: "product_version", name: "python310-Pillow-tk-10.3.0-1.1.s390x", product: { name: "python310-Pillow-tk-10.3.0-1.1.s390x", product_id: "python310-Pillow-tk-10.3.0-1.1.s390x", }, }, { category: "product_version", name: "python311-Pillow-10.3.0-1.1.s390x", product: { name: "python311-Pillow-10.3.0-1.1.s390x", product_id: "python311-Pillow-10.3.0-1.1.s390x", }, }, { category: "product_version", name: "python311-Pillow-tk-10.3.0-1.1.s390x", product: { name: "python311-Pillow-tk-10.3.0-1.1.s390x", product_id: "python311-Pillow-tk-10.3.0-1.1.s390x", }, }, { category: "product_version", name: "python312-Pillow-10.3.0-1.1.s390x", product: { name: "python312-Pillow-10.3.0-1.1.s390x", product_id: "python312-Pillow-10.3.0-1.1.s390x", }, }, { category: "product_version", name: "python312-Pillow-tk-10.3.0-1.1.s390x", product: { name: "python312-Pillow-tk-10.3.0-1.1.s390x", product_id: "python312-Pillow-tk-10.3.0-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python310-Pillow-10.3.0-1.1.x86_64", product: { name: "python310-Pillow-10.3.0-1.1.x86_64", product_id: "python310-Pillow-10.3.0-1.1.x86_64", }, }, { category: "product_version", name: "python310-Pillow-tk-10.3.0-1.1.x86_64", product: { name: "python310-Pillow-tk-10.3.0-1.1.x86_64", product_id: "python310-Pillow-tk-10.3.0-1.1.x86_64", }, }, { category: "product_version", name: "python311-Pillow-10.3.0-1.1.x86_64", product: { name: "python311-Pillow-10.3.0-1.1.x86_64", product_id: "python311-Pillow-10.3.0-1.1.x86_64", }, }, { category: "product_version", name: "python311-Pillow-tk-10.3.0-1.1.x86_64", product: { name: "python311-Pillow-tk-10.3.0-1.1.x86_64", product_id: "python311-Pillow-tk-10.3.0-1.1.x86_64", }, }, { category: "product_version", name: "python312-Pillow-10.3.0-1.1.x86_64", product: { name: "python312-Pillow-10.3.0-1.1.x86_64", product_id: "python312-Pillow-10.3.0-1.1.x86_64", }, }, { category: "product_version", name: "python312-Pillow-tk-10.3.0-1.1.x86_64", product: { name: "python312-Pillow-tk-10.3.0-1.1.x86_64", product_id: "python312-Pillow-tk-10.3.0-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python310-Pillow-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", }, product_reference: "python310-Pillow-10.3.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Pillow-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", }, product_reference: "python310-Pillow-10.3.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Pillow-10.3.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", }, product_reference: "python310-Pillow-10.3.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Pillow-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", }, product_reference: "python310-Pillow-10.3.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Pillow-tk-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", }, product_reference: "python310-Pillow-tk-10.3.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Pillow-tk-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", }, product_reference: "python310-Pillow-tk-10.3.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Pillow-tk-10.3.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", }, product_reference: "python310-Pillow-tk-10.3.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python310-Pillow-tk-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", }, product_reference: "python310-Pillow-tk-10.3.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Pillow-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", }, product_reference: "python311-Pillow-10.3.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Pillow-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", }, product_reference: "python311-Pillow-10.3.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Pillow-10.3.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", }, product_reference: "python311-Pillow-10.3.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Pillow-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", }, product_reference: "python311-Pillow-10.3.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Pillow-tk-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", }, product_reference: "python311-Pillow-tk-10.3.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Pillow-tk-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", }, product_reference: "python311-Pillow-tk-10.3.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Pillow-tk-10.3.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", }, product_reference: "python311-Pillow-tk-10.3.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python311-Pillow-tk-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", }, product_reference: "python311-Pillow-tk-10.3.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python312-Pillow-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", }, product_reference: "python312-Pillow-10.3.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python312-Pillow-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", }, product_reference: "python312-Pillow-10.3.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python312-Pillow-10.3.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", }, product_reference: "python312-Pillow-10.3.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python312-Pillow-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", }, product_reference: "python312-Pillow-10.3.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python312-Pillow-tk-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", }, product_reference: "python312-Pillow-tk-10.3.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python312-Pillow-tk-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", }, product_reference: "python312-Pillow-tk-10.3.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python312-Pillow-tk-10.3.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", }, product_reference: "python312-Pillow-tk-10.3.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python312-Pillow-tk-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", }, product_reference: "python312-Pillow-tk-10.3.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2014-3589", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3589", }, ], notes: [ { category: "general", text: "PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3589", url: "https://www.suse.com/security/cve/CVE-2014-3589", }, { category: "external", summary: "SUSE Bug 921566 for CVE-2014-3589", url: "https://bugzilla.suse.com/921566", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3589", }, { cve: "CVE-2014-3598", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3598", }, ], notes: [ { category: "general", text: "The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3598", url: "https://www.suse.com/security/cve/CVE-2014-3598", }, { category: "external", summary: "SUSE Bug 921566 for CVE-2014-3598", url: "https://bugzilla.suse.com/921566", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3598", }, { cve: "CVE-2016-0740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0740", }, ], notes: [ { category: "general", text: "Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0740", url: "https://www.suse.com/security/cve/CVE-2016-0740", }, { category: "external", summary: "SUSE Bug 965579 for CVE-2016-0740", url: "https://bugzilla.suse.com/965579", }, { category: "external", summary: "SUSE Bug 965582 for CVE-2016-0740", url: "https://bugzilla.suse.com/965582", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-0740", }, { cve: "CVE-2016-0775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0775", }, ], notes: [ { category: "general", text: "Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0775", url: "https://www.suse.com/security/cve/CVE-2016-0775", }, { category: "external", summary: "SUSE Bug 965579 for CVE-2016-0775", url: "https://bugzilla.suse.com/965579", }, { category: "external", summary: "SUSE Bug 965582 for CVE-2016-0775", url: "https://bugzilla.suse.com/965582", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-0775", }, { cve: "CVE-2016-3076", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3076", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3076", url: "https://www.suse.com/security/cve/CVE-2016-3076", }, { category: "external", summary: "SUSE Bug 973786 for CVE-2016-3076", url: "https://bugzilla.suse.com/973786", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-3076", }, { cve: "CVE-2020-15999", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15999", }, ], notes: [ { category: "general", text: "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15999", url: "https://www.suse.com/security/cve/CVE-2020-15999", }, { category: "external", summary: "SUSE Bug 1177914 for CVE-2020-15999", url: "https://bugzilla.suse.com/1177914", }, { category: "external", summary: "SUSE Bug 1177936 for CVE-2020-15999", url: "https://bugzilla.suse.com/1177936", }, { category: "external", summary: "SUSE Bug 1178824 for CVE-2020-15999", url: "https://bugzilla.suse.com/1178824", }, { category: "external", summary: "SUSE Bug 1178894 for CVE-2020-15999", url: "https://bugzilla.suse.com/1178894", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-15999", }, { cve: "CVE-2020-35653", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35653", }, ], notes: [ { category: "general", text: "In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35653", url: "https://www.suse.com/security/cve/CVE-2020-35653", }, { category: "external", summary: "SUSE Bug 1180834 for CVE-2020-35653", url: "https://bugzilla.suse.com/1180834", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-35653", }, { cve: "CVE-2020-35654", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35654", }, ], notes: [ { category: "general", text: "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35654", url: "https://www.suse.com/security/cve/CVE-2020-35654", }, { category: "external", summary: "SUSE Bug 1180833 for CVE-2020-35654", url: "https://bugzilla.suse.com/1180833", }, { category: "external", summary: "SUSE Bug 1183103 for CVE-2020-35654", url: "https://bugzilla.suse.com/1183103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-35654", }, { cve: "CVE-2020-35655", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35655", }, ], notes: [ { category: "general", text: "In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35655", url: "https://www.suse.com/security/cve/CVE-2020-35655", }, { category: "external", summary: "SUSE Bug 1180832 for CVE-2020-35655", url: "https://bugzilla.suse.com/1180832", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-35655", }, { cve: "CVE-2021-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23437", }, ], notes: [ { category: "general", text: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23437", url: "https://www.suse.com/security/cve/CVE-2021-23437", }, { category: "external", summary: "SUSE Bug 1190229 for CVE-2021-23437", url: "https://bugzilla.suse.com/1190229", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-23437", }, { cve: "CVE-2021-25289", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25289", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25289", url: "https://www.suse.com/security/cve/CVE-2021-25289", }, { category: "external", summary: "SUSE Bug 1183103 for CVE-2021-25289", url: "https://bugzilla.suse.com/1183103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2021-25289", }, { cve: "CVE-2021-25290", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25290", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25290", url: "https://www.suse.com/security/cve/CVE-2021-25290", }, { category: "external", summary: "SUSE Bug 1183105 for CVE-2021-25290", url: "https://bugzilla.suse.com/1183105", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-25290", }, { cve: "CVE-2021-25291", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25291", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25291", url: "https://www.suse.com/security/cve/CVE-2021-25291", }, { category: "external", summary: "SUSE Bug 1183106 for CVE-2021-25291", url: "https://bugzilla.suse.com/1183106", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-25291", }, { cve: "CVE-2021-25292", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25292", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25292", url: "https://www.suse.com/security/cve/CVE-2021-25292", }, { category: "external", summary: "SUSE Bug 1183101 for CVE-2021-25292", url: "https://bugzilla.suse.com/1183101", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-25292", }, { cve: "CVE-2021-25293", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25293", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25293", url: "https://www.suse.com/security/cve/CVE-2021-25293", }, { category: "external", summary: "SUSE Bug 1183102 for CVE-2021-25293", url: "https://bugzilla.suse.com/1183102", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-25293", }, { cve: "CVE-2021-27921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27921", }, ], notes: [ { category: "general", text: "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27921", url: "https://www.suse.com/security/cve/CVE-2021-27921", }, { category: "external", summary: "SUSE Bug 1183110 for CVE-2021-27921", url: "https://bugzilla.suse.com/1183110", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-27921", }, { cve: "CVE-2021-34552", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-34552", }, ], notes: [ { category: "general", text: "Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-34552", url: "https://www.suse.com/security/cve/CVE-2021-34552", }, { category: "external", summary: "SUSE Bug 1188574 for CVE-2021-34552", url: "https://bugzilla.suse.com/1188574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-34552", }, { cve: "CVE-2024-28219", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-28219", }, ], notes: [ { category: "general", text: "In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-28219", url: "https://www.suse.com/security/cve/CVE-2024-28219", }, { category: "external", summary: "SUSE Bug 1222262 for CVE-2024-28219", url: "https://bugzilla.suse.com/1222262", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x", "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2024-28219", }, ], }
opensuse-su-2024:11209-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python36-Pillow-8.3.2-1.2 on GA media
Notes
Title of the patch
python36-Pillow-8.3.2-1.2 on GA media
Description of the patch
These are all security issues fixed in the python36-Pillow-8.3.2-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11209
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "python36-Pillow-8.3.2-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the python36-Pillow-8.3.2-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11209", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11209-1.json", }, { category: "self", summary: "SUSE CVE CVE-2014-3589 page", url: "https://www.suse.com/security/cve/CVE-2014-3589/", }, { category: "self", summary: "SUSE CVE CVE-2014-3598 page", url: "https://www.suse.com/security/cve/CVE-2014-3598/", }, { category: "self", summary: "SUSE CVE CVE-2016-0740 page", url: "https://www.suse.com/security/cve/CVE-2016-0740/", }, { category: "self", summary: "SUSE CVE CVE-2016-0775 page", url: "https://www.suse.com/security/cve/CVE-2016-0775/", }, { category: "self", summary: "SUSE CVE CVE-2016-3076 page", url: "https://www.suse.com/security/cve/CVE-2016-3076/", }, { category: "self", summary: "SUSE CVE CVE-2020-15999 page", url: "https://www.suse.com/security/cve/CVE-2020-15999/", }, { category: "self", summary: "SUSE CVE CVE-2020-35653 page", url: "https://www.suse.com/security/cve/CVE-2020-35653/", }, { category: "self", summary: "SUSE CVE CVE-2020-35654 page", url: "https://www.suse.com/security/cve/CVE-2020-35654/", }, { category: "self", summary: "SUSE CVE CVE-2020-35655 page", url: "https://www.suse.com/security/cve/CVE-2020-35655/", }, { category: "self", summary: "SUSE CVE CVE-2021-23437 page", url: "https://www.suse.com/security/cve/CVE-2021-23437/", }, { category: "self", summary: "SUSE CVE CVE-2021-25289 page", url: "https://www.suse.com/security/cve/CVE-2021-25289/", }, { category: "self", summary: "SUSE CVE CVE-2021-25290 page", url: "https://www.suse.com/security/cve/CVE-2021-25290/", }, { category: "self", summary: "SUSE CVE CVE-2021-25291 page", url: "https://www.suse.com/security/cve/CVE-2021-25291/", }, { category: "self", summary: "SUSE CVE CVE-2021-25292 page", url: "https://www.suse.com/security/cve/CVE-2021-25292/", }, { category: "self", summary: "SUSE CVE CVE-2021-25293 page", url: "https://www.suse.com/security/cve/CVE-2021-25293/", }, { category: "self", summary: "SUSE CVE CVE-2021-27921 page", url: "https://www.suse.com/security/cve/CVE-2021-27921/", }, { category: "self", summary: "SUSE CVE CVE-2021-34552 page", url: "https://www.suse.com/security/cve/CVE-2021-34552/", }, ], title: "python36-Pillow-8.3.2-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11209-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python36-Pillow-8.3.2-1.2.aarch64", product: { name: "python36-Pillow-8.3.2-1.2.aarch64", product_id: "python36-Pillow-8.3.2-1.2.aarch64", }, }, { category: "product_version", name: "python36-Pillow-tk-8.3.2-1.2.aarch64", product: { name: "python36-Pillow-tk-8.3.2-1.2.aarch64", product_id: "python36-Pillow-tk-8.3.2-1.2.aarch64", }, }, { category: "product_version", name: "python38-Pillow-8.3.2-1.2.aarch64", product: { name: "python38-Pillow-8.3.2-1.2.aarch64", product_id: "python38-Pillow-8.3.2-1.2.aarch64", }, }, { category: "product_version", name: "python38-Pillow-tk-8.3.2-1.2.aarch64", product: { name: "python38-Pillow-tk-8.3.2-1.2.aarch64", product_id: "python38-Pillow-tk-8.3.2-1.2.aarch64", }, }, { category: "product_version", name: "python39-Pillow-8.3.2-1.2.aarch64", product: { name: "python39-Pillow-8.3.2-1.2.aarch64", product_id: "python39-Pillow-8.3.2-1.2.aarch64", }, }, { category: "product_version", name: "python39-Pillow-tk-8.3.2-1.2.aarch64", product: { name: "python39-Pillow-tk-8.3.2-1.2.aarch64", product_id: "python39-Pillow-tk-8.3.2-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python36-Pillow-8.3.2-1.2.ppc64le", product: { name: "python36-Pillow-8.3.2-1.2.ppc64le", product_id: "python36-Pillow-8.3.2-1.2.ppc64le", }, }, { category: "product_version", name: "python36-Pillow-tk-8.3.2-1.2.ppc64le", product: { name: "python36-Pillow-tk-8.3.2-1.2.ppc64le", product_id: "python36-Pillow-tk-8.3.2-1.2.ppc64le", }, }, { category: "product_version", name: "python38-Pillow-8.3.2-1.2.ppc64le", product: { name: "python38-Pillow-8.3.2-1.2.ppc64le", product_id: "python38-Pillow-8.3.2-1.2.ppc64le", }, }, { category: "product_version", name: "python38-Pillow-tk-8.3.2-1.2.ppc64le", product: { name: "python38-Pillow-tk-8.3.2-1.2.ppc64le", product_id: "python38-Pillow-tk-8.3.2-1.2.ppc64le", }, }, { category: "product_version", name: "python39-Pillow-8.3.2-1.2.ppc64le", product: { name: "python39-Pillow-8.3.2-1.2.ppc64le", product_id: "python39-Pillow-8.3.2-1.2.ppc64le", }, }, { category: "product_version", name: "python39-Pillow-tk-8.3.2-1.2.ppc64le", product: { name: "python39-Pillow-tk-8.3.2-1.2.ppc64le", product_id: "python39-Pillow-tk-8.3.2-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python36-Pillow-8.3.2-1.2.s390x", product: { name: "python36-Pillow-8.3.2-1.2.s390x", product_id: "python36-Pillow-8.3.2-1.2.s390x", }, }, { category: "product_version", name: "python36-Pillow-tk-8.3.2-1.2.s390x", product: { name: "python36-Pillow-tk-8.3.2-1.2.s390x", product_id: "python36-Pillow-tk-8.3.2-1.2.s390x", }, }, { category: "product_version", name: "python38-Pillow-8.3.2-1.2.s390x", product: { name: "python38-Pillow-8.3.2-1.2.s390x", product_id: "python38-Pillow-8.3.2-1.2.s390x", }, }, { category: "product_version", name: "python38-Pillow-tk-8.3.2-1.2.s390x", product: { name: "python38-Pillow-tk-8.3.2-1.2.s390x", product_id: "python38-Pillow-tk-8.3.2-1.2.s390x", }, }, { category: "product_version", name: "python39-Pillow-8.3.2-1.2.s390x", product: { name: "python39-Pillow-8.3.2-1.2.s390x", product_id: "python39-Pillow-8.3.2-1.2.s390x", }, }, { category: "product_version", name: "python39-Pillow-tk-8.3.2-1.2.s390x", product: { name: "python39-Pillow-tk-8.3.2-1.2.s390x", product_id: "python39-Pillow-tk-8.3.2-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python36-Pillow-8.3.2-1.2.x86_64", product: { name: "python36-Pillow-8.3.2-1.2.x86_64", product_id: "python36-Pillow-8.3.2-1.2.x86_64", }, }, { category: "product_version", name: "python36-Pillow-tk-8.3.2-1.2.x86_64", product: { name: "python36-Pillow-tk-8.3.2-1.2.x86_64", product_id: "python36-Pillow-tk-8.3.2-1.2.x86_64", }, }, { category: "product_version", name: "python38-Pillow-8.3.2-1.2.x86_64", product: { name: "python38-Pillow-8.3.2-1.2.x86_64", product_id: "python38-Pillow-8.3.2-1.2.x86_64", }, }, { category: "product_version", name: "python38-Pillow-tk-8.3.2-1.2.x86_64", product: { name: "python38-Pillow-tk-8.3.2-1.2.x86_64", product_id: "python38-Pillow-tk-8.3.2-1.2.x86_64", }, }, { category: "product_version", name: "python39-Pillow-8.3.2-1.2.x86_64", product: { name: "python39-Pillow-8.3.2-1.2.x86_64", product_id: "python39-Pillow-8.3.2-1.2.x86_64", }, }, { category: "product_version", name: "python39-Pillow-tk-8.3.2-1.2.x86_64", product: { name: "python39-Pillow-tk-8.3.2-1.2.x86_64", product_id: "python39-Pillow-tk-8.3.2-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python36-Pillow-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", }, product_reference: "python36-Pillow-8.3.2-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python36-Pillow-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", }, product_reference: "python36-Pillow-8.3.2-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python36-Pillow-8.3.2-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", }, product_reference: "python36-Pillow-8.3.2-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python36-Pillow-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", }, product_reference: "python36-Pillow-8.3.2-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python36-Pillow-tk-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", }, product_reference: "python36-Pillow-tk-8.3.2-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python36-Pillow-tk-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", }, product_reference: "python36-Pillow-tk-8.3.2-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python36-Pillow-tk-8.3.2-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", }, product_reference: "python36-Pillow-tk-8.3.2-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python36-Pillow-tk-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", }, product_reference: "python36-Pillow-tk-8.3.2-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python38-Pillow-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", }, product_reference: "python38-Pillow-8.3.2-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python38-Pillow-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", }, product_reference: "python38-Pillow-8.3.2-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python38-Pillow-8.3.2-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", }, product_reference: "python38-Pillow-8.3.2-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python38-Pillow-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", }, product_reference: "python38-Pillow-8.3.2-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python38-Pillow-tk-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", }, product_reference: "python38-Pillow-tk-8.3.2-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python38-Pillow-tk-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", }, product_reference: "python38-Pillow-tk-8.3.2-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python38-Pillow-tk-8.3.2-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", }, product_reference: "python38-Pillow-tk-8.3.2-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python38-Pillow-tk-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", }, product_reference: "python38-Pillow-tk-8.3.2-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Pillow-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", }, product_reference: "python39-Pillow-8.3.2-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Pillow-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", }, product_reference: "python39-Pillow-8.3.2-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Pillow-8.3.2-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", }, product_reference: "python39-Pillow-8.3.2-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Pillow-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", }, product_reference: "python39-Pillow-8.3.2-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Pillow-tk-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", }, product_reference: "python39-Pillow-tk-8.3.2-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Pillow-tk-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", }, product_reference: "python39-Pillow-tk-8.3.2-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Pillow-tk-8.3.2-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", }, product_reference: "python39-Pillow-tk-8.3.2-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python39-Pillow-tk-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", }, product_reference: "python39-Pillow-tk-8.3.2-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2014-3589", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3589", }, ], notes: [ { category: "general", text: "PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3589", url: "https://www.suse.com/security/cve/CVE-2014-3589", }, { category: "external", summary: "SUSE Bug 921566 for CVE-2014-3589", url: "https://bugzilla.suse.com/921566", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3589", }, { cve: "CVE-2014-3598", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3598", }, ], notes: [ { category: "general", text: "The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3598", url: "https://www.suse.com/security/cve/CVE-2014-3598", }, { category: "external", summary: "SUSE Bug 921566 for CVE-2014-3598", url: "https://bugzilla.suse.com/921566", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3598", }, { cve: "CVE-2016-0740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0740", }, ], notes: [ { category: "general", text: "Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0740", url: "https://www.suse.com/security/cve/CVE-2016-0740", }, { category: "external", summary: "SUSE Bug 965579 for CVE-2016-0740", url: "https://bugzilla.suse.com/965579", }, { category: "external", summary: "SUSE Bug 965582 for CVE-2016-0740", url: "https://bugzilla.suse.com/965582", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-0740", }, { cve: "CVE-2016-0775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0775", }, ], notes: [ { category: "general", text: "Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0775", url: "https://www.suse.com/security/cve/CVE-2016-0775", }, { category: "external", summary: "SUSE Bug 965579 for CVE-2016-0775", url: "https://bugzilla.suse.com/965579", }, { category: "external", summary: "SUSE Bug 965582 for CVE-2016-0775", url: "https://bugzilla.suse.com/965582", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-0775", }, { cve: "CVE-2016-3076", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3076", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3076", url: "https://www.suse.com/security/cve/CVE-2016-3076", }, { category: "external", summary: "SUSE Bug 973786 for CVE-2016-3076", url: "https://bugzilla.suse.com/973786", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-3076", }, { cve: "CVE-2020-15999", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15999", }, ], notes: [ { category: "general", text: "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15999", url: "https://www.suse.com/security/cve/CVE-2020-15999", }, { category: "external", summary: "SUSE Bug 1177914 for CVE-2020-15999", url: "https://bugzilla.suse.com/1177914", }, { category: "external", summary: "SUSE Bug 1177936 for CVE-2020-15999", url: "https://bugzilla.suse.com/1177936", }, { category: "external", summary: "SUSE Bug 1178824 for CVE-2020-15999", url: "https://bugzilla.suse.com/1178824", }, { category: "external", summary: "SUSE Bug 1178894 for CVE-2020-15999", url: "https://bugzilla.suse.com/1178894", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-15999", }, { cve: "CVE-2020-35653", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35653", }, ], notes: [ { category: "general", text: "In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35653", url: "https://www.suse.com/security/cve/CVE-2020-35653", }, { category: "external", summary: "SUSE Bug 1180834 for CVE-2020-35653", url: "https://bugzilla.suse.com/1180834", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-35653", }, { cve: "CVE-2020-35654", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35654", }, ], notes: [ { category: "general", text: "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35654", url: "https://www.suse.com/security/cve/CVE-2020-35654", }, { category: "external", summary: "SUSE Bug 1180833 for CVE-2020-35654", url: "https://bugzilla.suse.com/1180833", }, { category: "external", summary: "SUSE Bug 1183103 for CVE-2020-35654", url: "https://bugzilla.suse.com/1183103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-35654", }, { cve: "CVE-2020-35655", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35655", }, ], notes: [ { category: "general", text: "In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35655", url: "https://www.suse.com/security/cve/CVE-2020-35655", }, { category: "external", summary: "SUSE Bug 1180832 for CVE-2020-35655", url: "https://bugzilla.suse.com/1180832", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-35655", }, { cve: "CVE-2021-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23437", }, ], notes: [ { category: "general", text: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23437", url: "https://www.suse.com/security/cve/CVE-2021-23437", }, { category: "external", summary: "SUSE Bug 1190229 for CVE-2021-23437", url: "https://bugzilla.suse.com/1190229", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-23437", }, { cve: "CVE-2021-25289", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25289", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25289", url: "https://www.suse.com/security/cve/CVE-2021-25289", }, { category: "external", summary: "SUSE Bug 1183103 for CVE-2021-25289", url: "https://bugzilla.suse.com/1183103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2021-25289", }, { cve: "CVE-2021-25290", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25290", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25290", url: "https://www.suse.com/security/cve/CVE-2021-25290", }, { category: "external", summary: "SUSE Bug 1183105 for CVE-2021-25290", url: "https://bugzilla.suse.com/1183105", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-25290", }, { cve: "CVE-2021-25291", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25291", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25291", url: "https://www.suse.com/security/cve/CVE-2021-25291", }, { category: "external", summary: "SUSE Bug 1183106 for CVE-2021-25291", url: "https://bugzilla.suse.com/1183106", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-25291", }, { cve: "CVE-2021-25292", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25292", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25292", url: "https://www.suse.com/security/cve/CVE-2021-25292", }, { category: "external", summary: "SUSE Bug 1183101 for CVE-2021-25292", url: "https://bugzilla.suse.com/1183101", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-25292", }, { cve: "CVE-2021-25293", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25293", }, ], notes: [ { category: "general", text: "An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-25293", url: "https://www.suse.com/security/cve/CVE-2021-25293", }, { category: "external", summary: "SUSE Bug 1183102 for CVE-2021-25293", url: "https://bugzilla.suse.com/1183102", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-25293", }, { cve: "CVE-2021-27921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27921", }, ], notes: [ { category: "general", text: "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27921", url: "https://www.suse.com/security/cve/CVE-2021-27921", }, { category: "external", summary: "SUSE Bug 1183110 for CVE-2021-27921", url: "https://bugzilla.suse.com/1183110", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-27921", }, { cve: "CVE-2021-34552", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-34552", }, ], notes: [ { category: "general", text: "Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-34552", url: "https://www.suse.com/security/cve/CVE-2021-34552", }, { category: "external", summary: "SUSE Bug 1188574 for CVE-2021-34552", url: "https://bugzilla.suse.com/1188574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x", "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-34552", }, ], }
ghsa-98vv-pw6r-q6q4
Vulnerability from github
Published
2021-09-07 23:08
Modified
2024-10-09 21:02
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
Uncontrolled Resource Consumption in pillow
Details
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
{ affected: [ { package: { ecosystem: "PyPI", name: "pillow", }, ranges: [ { events: [ { introduced: "5.2.0", }, { fixed: "8.3.2", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2021-23437", ], database_specific: { cwe_ids: [ "CWE-125", "CWE-400", ], github_reviewed: true, github_reviewed_at: "2021-09-07T15:15:55Z", nvd_published_at: "2021-09-03T16:15:00Z", severity: "HIGH", }, details: "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", id: "GHSA-98vv-pw6r-q6q4", modified: "2024-10-09T21:02:05Z", published: "2021-09-07T23:08:10Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23437", }, { type: "WEB", url: "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", }, { type: "ADVISORY", url: "https://github.com/advisories/GHSA-98vv-pw6r-q6q4", }, { type: "WEB", url: "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml", }, { type: "PACKAGE", url: "https://github.com/python-pillow/Pillow", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT", }, { type: "WEB", url: "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202211-10", }, { type: "WEB", url: "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", type: "CVSS_V4", }, ], summary: "Uncontrolled Resource Consumption in pillow", }
pysec-2021-317
Vulnerability from pysec
Published
2021-09-03 16:15
Modified
2021-09-03 18:35
Details
The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Impacted products
| Name | purl |
|---|---|
| pillow | pkg:pypi/pillow |
{ affected: [ { package: { ecosystem: "PyPI", name: "pillow", purl: "pkg:pypi/pillow", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "9e08eb8f78fdfd2f476e1b20b7cf38683754866b", }, ], repo: "https://github.com/python-pillow/Pillow", type: "GIT", }, { events: [ { introduced: "0", }, { fixed: "8.3.2", }, ], type: "ECOSYSTEM", }, ], versions: [ "1.0", "1.1", "1.2", "1.3", "1.4", "1.5", "1.6", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "2.0.0", "2.1.0", "2.2.0", "2.2.1", "2.2.2", "2.3.0", "2.3.1", "2.3.2", "2.4.0", "2.5.0", "2.5.1", "2.5.2", "2.5.3", "2.6.0", "2.6.1", "2.6.2", "2.7.0", "2.8.0", "2.8.1", "2.8.2", "2.9.0", "3.0.0", "3.1.0", "3.1.0.rc1", "3.1.0rc1", "3.1.1", "3.1.2", "3.2.0", "3.3.0", "3.3.1", "3.3.2", "3.3.3", "3.4.0", "3.4.1", "3.4.2", "4.0.0", "4.1.0", "4.1.1", "4.2.0", "4.2.1", "4.3.0", "5.0.0", "5.1.0", "5.2.0", "5.3.0", "5.4.0", "5.4.0.dev0", "5.4.1", "6.0.0", "6.1.0", "6.2.0", "6.2.1", "6.2.2", "7.0.0", "7.1.0", "7.1.1", "7.1.2", "7.2.0", "8.0.0", "8.0.1", "8.1.0", "8.1.1", "8.1.2", "8.2.0", "8.3.0", "8.3.1", ], }, ], aliases: [ "CVE-2021-23437", "SNYK-PYTHON-PILLOW-1319443", "GHSA-98vv-pw6r-q6q4", ], details: "The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.", id: "PYSEC-2021-317", modified: "2021-09-03T18:35:52.828411Z", published: "2021-09-03T16:15:00Z", references: [ { type: "WEB", url: "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", }, { type: "FIX", url: "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", }, { type: "ADVISORY", url: "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", }, { type: "ADVISORY", url: "https://github.com/advisories/GHSA-98vv-pw6r-q6q4", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.