Radarhere

Name of the Vulnerable Software and Affected Versions: Pillow versions 11.2.0 through 11.2.x Description: The issue is a heap buffer overflow that occurs when writing a sufficiently large image in the DDS format. This happens because the library writes into a buffer without checking for available space. The issue only affects users who save untrusted data as a compressed DDS image. Recommendations: For Pillow versions 11.2.0 through 11.2.x, update to version 11.3.0 to resolve the issue. As a temporary workaround, consider avoiding the saving of untrusted data as compressed DDS images until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 9.0.1 **Description** The issue is related to the mishandling of spaces in temporary pathnames, which can be exploited by attackers to delete files. This can lead to data integrity issues and potentially cause a denial of service. The vulnerability can be exploited remotely. **Recommendations** For versions prior to 9.0.1, update to version 9.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to temporary files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 6.2.2 **Description** The issue is related to a buffer overflow in the PCX P mode of the Pillow library when encoding images. This could allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 6.2.2, update to version 6.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 6.2.2 **Description** The issue is related to a buffer overflow in the `libImaging/FliDecode.c` function of the Pillow image processing library. This buffer overflow can be exploited by a remote attacker to gain access to confidential information or cause a denial of service. The vulnerability is associated with reading beyond the permissible boundaries of a data buffer. **Recommendations** For Pillow versions prior to 6.2.2, update to version 6.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `libImaging/FliDecode.c` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 6.2.2 **Description** The issue is related to a TIFF decoding integer overflow in the libImaging/TiffDecode.c file of the Pillow library. This overflow is connected to the `realloc` function. The exploitation of this issue could allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 6.2.2, update to version 6.2.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `libImaging/TiffDecode.c` function for TIFF decoding until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 6.2.2 **Description** The issue is related to a buffer overflow in the SGI RLE decoding process. This can potentially allow a remote attacker to cause a denial of service. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 6.2.2, update to version 6.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `libImaging/SgiRleDecode.c` module until a patch is available. Avoid using the SGI RLE decoding function in the affected library until the issue is resolved.