Detections
Analytics

openSUSE 15 Security Update : python-Pillow (SUSE-SU-2024:1673-1)

critical Nessus Plugin ID 197551

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1673-1 advisory.

 - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. (CVE-2020-35654)

 - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. (CVE-2021-23437)

 - An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. (CVE-2021-25289)

 - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. (CVE-2021-25290)

 - An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. (CVE-2021-25292)

 - An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
 (CVE-2021-25293)

 - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. (CVE-2021-27921)

 - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. (CVE-2021-27922)

 - Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. (CVE-2021-27923)

 - Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
 (CVE-2021-34552)

 - path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. (CVE-2022-22815)

 - path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. (CVE-2022-22816)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected python3-Pillow and / or python3-Pillow-tk packages.

See Also

https://bugzilla.suse.com/1180833

https://bugzilla.suse.com/1183101

https://bugzilla.suse.com/1183102

https://bugzilla.suse.com/1183103

https://bugzilla.suse.com/1183105

https://bugzilla.suse.com/1183107

https://bugzilla.suse.com/1183108

https://bugzilla.suse.com/1183110

https://bugzilla.suse.com/1188574

https://bugzilla.suse.com/1190229

https://bugzilla.suse.com/1194551

https://bugzilla.suse.com/1194552

http://www.nessus.org/u?0aff4692

https://www.suse.com/security/cve/CVE-2020-35654

https://www.suse.com/security/cve/CVE-2021-23437

https://www.suse.com/security/cve/CVE-2021-25289

https://www.suse.com/security/cve/CVE-2021-25290

https://www.suse.com/security/cve/CVE-2021-25292

https://www.suse.com/security/cve/CVE-2021-25293

https://www.suse.com/security/cve/CVE-2021-27921

https://www.suse.com/security/cve/CVE-2021-27922

https://www.suse.com/security/cve/CVE-2021-27923

https://www.suse.com/security/cve/CVE-2021-34552

https://www.suse.com/security/cve/CVE-2022-22815

https://www.suse.com/security/cve/CVE-2022-22816

Plugin Details

Severity: Critical

ID: 197551

File Name: suse_SU-2024-1673-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 5/21/2024

Updated: 5/21/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-34552

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/17/2024

Vulnerability Publication Date: 1/12/2021

Reference Information

CVE: CVE-2020-35654, CVE-2021-23437, CVE-2021-25289, CVE-2021-25290, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-34552, CVE-2022-22815, CVE-2022-22816

SuSE: SUSE-SU-2024:1673-1