Showing 1 - 6 of 6

CVE-2024-28219

Status Candidate

Overview

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Gentoo Linux Security Advisory 202411-07: Posted Nov 18, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202411-7 - A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution. Versions greater than or equal to 10.3.0 are affected.; tags | advisory, arbitrary, code execution; systems | linux, gentoo; advisories | CVE-2024-28219; SHA-256 | f33ea09ad2289f635434f7ee97a896c3bcb59965736b5163ab8e08d19639a6af; Download | Favorite | View

Red Hat Security Advisory 2024-4227-03: Posted Jul 3, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-4227-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.; tags | advisory, overflow, python; systems | linux, redhat; advisories | CVE-2024-28219; SHA-256 | 65ffa14489ee69ff80247bb3f2e076ec5f58dca0b10d6ac7d324a9dd229debb0; Download | Favorite | View

Debian Security Advisory 5704-1: Posted Jun 6, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5704-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed images are processed.; tags | advisory, denial of service, arbitrary, python; systems | linux, debian; advisories | CVE-2023-44271, CVE-2023-50447, CVE-2024-28219; SHA-256 | 39d19c693f17390d6a2ae39c504630ddbff9dabe4a9550c53beda72dd79c2817; Download | Favorite | View

Ubuntu Security Notice USN-6744-3: Posted Apr 29, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6744-3 - USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Ubuntu 24.04 LTS. Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.; tags | advisory, denial of service, overflow, arbitrary; systems | linux, ubuntu; advisories | CVE-2024-28219; SHA-256 | a3c5e325117510f72eaab078b9452bd572b5c6a7b644c56f33872ee990abf55d; Download | Favorite | View

Ubuntu Security Notice USN-6744-2: Posted Apr 23, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6744-2 - USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Pillow in Ubuntu 20.04 LTS. Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.; tags | advisory, denial of service, overflow, arbitrary; systems | linux, ubuntu; advisories | CVE-2024-28219; SHA-256 | 7f9a3f70c1f7e100375a7fbb89547638e45380d3ba57eca5212263547b378f8c; Download | Favorite | View

Ubuntu Security Notice USN-6744-1: Posted Apr 23, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6744-1 - Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.; tags | advisory, denial of service, overflow, arbitrary; systems | linux, ubuntu; advisories | CVE-2024-28219; SHA-256 | a1631938e290abb7678d024b33eb2b0bf5cf2f26fdff61069536a736c29b981a; Download | Favorite | View

Page 1 of 1 Back 1 Next