openSUSE: 2024:1673-1 Critical: python-Pillow Security Flaws

suse

May 17, 2024

* bsc#1180833 * bsc#1183101 * bsc#1183102 * bsc#1183103 * bsc#1183105

Summary

## This update for python-Pillow fixes the following issues: * Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816) * Use snprintf instead of sprintf (bsc#1188574, CVE-2021-34552) * Fix Memory DOS in Icns, Ico and Blp Image Plugins. (bsc#1183110, CVE-2021-27921, bsc#1183108, CVE-2021-27922, bsc#1183107, CVE-2021-27923) * Fix OOB read in SgiRleDecode.c (bsc#1183102, CVE-2021-25293) * Use more specific regex chars to prevent ReDoS (bsc#1183101, CVE-2021-25292) * Fix negative size read in TiffDecode.c (bsc#1183105, CVE-2021-25290) * Raise ValueError if color specifier is too long (bsc#1190229, CVE-2021-23437) * Incorrect error code checking in TiffDecode.c (bsc#1183103, CVE-2021-25289) * OOB Write in TiffDecode.c (bsc#1180833, CVE-2020-35654)

Topics Covered

security advisory security issue critical software update threat mitigation openSUSE python-pillow

References

* bsc#1180833

* bsc#1183101

* bsc#1183102

* bsc#1183103

* bsc#1183105

* bsc#1183107

* bsc#1183108

* bsc#1183110

* bsc#1188574

* bsc#1190229

* bsc#1194551

* bsc#1194552

Cross-

* CVE-2020-35654

* CVE-2021-23437

* CVE-2021-25289

* CVE-2021-25290

* CVE-2021-25292

* CVE-2021-25293

* CVE-2021-27921

* CVE-2021-27922

* CVE-2021-27923

* CVE-2021-34552

* CVE-2022-22815

* CVE-2022-22816

CVSS scores:

* CVE-2020-35654 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2020-35654 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2021-23437 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2021-23437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2021-25289 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity

critical

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2024:1673-1

Rating: critical

Topics Covered

security advisory security issue critical software update threat mitigation openSUSE python-pillow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2024:1673-1 Critical: python-Pillow Security Flaws

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2024:1673-1 Critical: python-Pillow Security Flaws

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!