Bugzilla – Bug 1188574
VUL-0: CVE-2021-34552: python-Pillow: buffer overflow in Convert.c
Last modified: 2024-06-13 12:36:33 UTC
rh#1982378 Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. Reference: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow References: https://bugzilla.redhat.com/show_bug.cgi?id=1982378 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552 http://www.cvedetails.com/cve/CVE-2021-34552/ https://pillow.readthedocs.io/en/stable/releasenotes/index.html https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
SUSE-SU-2021:2595-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1188574 CVE References: CVE-2021-34552 JIRA References: Sources used: SUSE OpenStack Cloud 7 (src): python-Pillow-2.8.1-4.25.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2631-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1188574 CVE References: CVE-2021-34552 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): python-Pillow-5.2.0-3.11.1 SUSE OpenStack Cloud 9 (src): python-Pillow-5.2.0-3.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2632-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1188574 CVE References: CVE-2021-34552 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 8 (src): python-Pillow-4.2.1-3.17.1 SUSE OpenStack Cloud 8 (src): python-Pillow-4.2.1-3.17.1 HPE Helion Openstack 8 (src): python-Pillow-4.2.1-3.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Fixes for SOC available, back to Security team.
SUSE-SU-2024:1673-1: An update that solves 12 vulnerabilities can now be installed. Category: security (critical) Bug References: 1180833, 1183101, 1183102, 1183103, 1183105, 1183107, 1183108, 1183110, 1188574, 1190229, 1194551, 1194552 CVE References: CVE-2020-35654, CVE-2021-23437, CVE-2021-25289, CVE-2021-25290, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-34552, CVE-2022-22815, CVE-2022-22816 Maintenance Incident: [SUSE:Maintenance:33871](https://smelt.suse.de/incident/33871/) Sources used: openSUSE Leap 15.3 (src): python-Pillow-7.2.0-150300.3.15.1 openSUSE Leap 15.5 (src): python-Pillow-7.2.0-150300.3.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1673-2: An update that solves 12 vulnerabilities can now be installed. Category: security (critical) Bug References: 1180833, 1183101, 1183102, 1183103, 1183105, 1183107, 1183108, 1183110, 1188574, 1190229, 1194551, 1194552 CVE References: CVE-2020-35654, CVE-2021-23437, CVE-2021-25289, CVE-2021-25290, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-34552, CVE-2022-22815, CVE-2022-22816 Maintenance Incident: [SUSE:Maintenance:33871](https://smelt.suse.de/incident/33871/) Sources used: SUSE Package Hub 15 15-SP6 (src): python-Pillow-7.2.0-150300.3.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.