Multiple Pillow Vulnerabilities Affect Ubuntu Releases
Severity: Medium (Score: 57.8)
Sources: Ubuntu, Linuxsecurity
Summary
Several vulnerabilities in the Pillow library have been identified, impacting Ubuntu 14.04, 16.04, and 18.04 LTS. These vulnerabilities include an out-of-bounds read issue when handling J2K files (CVE-2021-25287, CVE-2021-25288) and a buffer overflow due to improper integer arithmetic (CVE-2021-25290). An attacker could exploit these vulnerabilities to cause denial of service or potentially execute arbitrary code. The vulnerabilities affect various versions of the Pillow library, with specific patches available for each affected Ubuntu release. Users are advised to update their systems to mitigate these risks. The vulnerabilities were disclosed on March 19, 2021, and June 2, 2021, with additional vulnerabilities reported in 2023. The current status indicates that updates are available for all affected systems.

Key Points:
- Pillow vulnerabilities affect Ubuntu 14.04, 16.04, and 18.04 LTS.
- Exploits could lead to denial of service or arbitrary code execution.
- Users should update their systems to the latest package versions.
Key Entities
- DDoS (attack_type)
- CVE-2021-25287 (cve)
- CVE-2021-25288 (cve)
- CVE-2021-25290 (cve)
- CVE-2021-28675 (cve)
- CVE-2021-28676 (cve)
- Ubuntu (company)
- Ubuntu Pro (platform)