FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-20 14:15:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
0700e76c-3eb0-11ea-8478-3085a9a95629	Pillow -- Multiple vulnerabilities Pillow developers report: This release addresses several security problems, as well as addressing CVE-2019-19911. CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fixed by limiting the number of bands to those usable by Pillow. Buffer overruns were found when processing an SGI, PCX or FLI image. Checks have been added to prevent this. Overflow checks have been added when calculating the size of a memory block to be reallocated in the processing of a TIFF image. Discovery 2019-12-19 Entry 2020-01-24 py27-pillow py35-pillow py36-pillow py37-pillow py38-pillow < 6.2.2 https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 ports/243336
998ca824-ef55-11e9-b81f-3085a9a95629	Pillow -- Allocation of resources without limits or throttling Mitre reports: An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. Discovery 2019-09-24 Entry 2019-10-15 py27-pillow py35-pillow py36-pillow py37-pillow < 6.2.0 https://github.com/python-pillow/Pillow/issues/4123 CVE-2019-16865 ports/241268

VuXML ID

Description

0700e76c-3eb0-11ea-8478-3085a9a95629

Pillow -- Multiple vulnerabilities

Pillow developers report:

This release addresses several security problems, as well as addressing CVE-2019-19911.
CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fixed by limiting the number of bands to those usable by Pillow.
Buffer overruns were found when processing an SGI, PCX or FLI image. Checks have been added to prevent this.
Overflow checks have been added when calculating the size of a memory block to be reallocated in the processing of a TIFF image.

Discovery 2019-12-19
Entry 2020-01-24
py27-pillow
py35-pillow
py36-pillow
py37-pillow
py38-pillow

< 6.2.2

https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
CVE-2019-19911
CVE-2020-5310
CVE-2020-5311
CVE-2020-5312
CVE-2020-5313
ports/243336

998ca824-ef55-11e9-b81f-3085a9a95629

Pillow -- Allocation of resources without limits or throttling

Mitre reports:

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

Discovery 2019-09-24
Entry 2019-10-15
py27-pillow
py35-pillow
py36-pillow
py37-pillow

< 6.2.0

https://github.com/python-pillow/Pillow/issues/4123
CVE-2019-16865
ports/241268