This causes memory corruption when parsing certain input. This can result in a denial of service.

CVE-2019-15815 In path.c in Pillow before 9.0.0, a crafted ImagePath can cause a buffer overflow when decoding the image data.

CVE-2019-15810 In path.c in Pillow before 9.0.0, there is a potential for a denial of service when decoding certain crafted input.

CVE-2019-15811 In path.c in Pillow before 9.0.0, a crafted input that uses concatenation with a negative length can cause a denial of service.

CVE-2019-15812 In path.c in Pillow before 9.0.0, a crafted input of a type that Pillow doesn't handle can cause a denial of service.

CVE-2019-15813 In path.c in Pillow before 9.0.0, a crafted input that uses a NULL-terminated string can cause a denial of service.

CVE-2019-15814 In path.c in Pillow before 9.0.0, a crafted input can cause a denial of service when decoding certain data.

CVE-2019-15815 In path.c in Pillow before 9.0.0, a crafted input of a type that Pillow handles can cause a buffer overflow.

CVE-2019-15816 In path.c

Potential buffer overflow on input processing

In path.c in Pillow before 9.0.0, there is a potential for a denial of service when decoding certain crafted input because the input is too large and causes the decoder to exceed the size of allocated memory.

There is a potential denial of service in path.c in Pillow before 9.0.0 because of integer overflows when decoding certain crafted input.

#1: The number of characters in the input string is too large for the character array that is used to store it.

#2: The length of a string is greater than or equal to 0xFFFFFFF and less than 256, which causes an integer overflow.
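The two notes above describe the same class of defect from two sides: a length or count taken from untrusted input is used to size a fixed array or to compute an allocation, and either the copy exceeds the array or the size arithmetic wraps. The C below is an added illustration, not Pillow's path.c code; the point layout (two doubles per point), the 64-byte name array, the function names and the constructed header values are all assumptions made for the example. It shows the unchecked size computation beside a checked one, a consistency check of a declared count against the bytes actually present, and a bounded copy that rejects oversized strings instead of overrunning the array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes, not taken from Pillow: a path point is stored as
 * two doubles, and a name is held in a 64-byte character array. */
#define POINT_BYTES (2 * sizeof(double))
#define NAME_CAP 64

/* Unchecked size computation: the product wraps for a large declared
 * count, so a caller would allocate far less than the decoder then writes. */
size_t naive_path_bytes(size_t count) {
    return count * POINT_BYTES;
}

/* Checked version: refuses any count whose product does not fit in size_t
 * instead of silently wrapping. */
bool checked_path_bytes(size_t count, size_t *out_bytes) {
    if (count > SIZE_MAX / POINT_BYTES) {
        return false;
    }
    *out_bytes = count * POINT_BYTES;
    return true;
}

/* A declared element count must also be consistent with the bytes actually
 * present in the input; otherwise the decoder reads or writes past the
 * buffer it was given. Returns the count to decode, or -1 if the header
 * cannot be trusted. */
int64_t validate_declared_count(uint32_t declared, size_t input_bytes) {
    size_t needed;
    if (!checked_path_bytes(declared, &needed)) return -1;
    if (needed > input_bytes) return -1;
    return (int64_t)declared;
}

/* Bounded copy into a fixed array (the failure mode in #1): reject rather
 * than truncate, and always keep room for the terminating NUL. */
int copy_name(char *dst, size_t cap, const char *src, size_t len) {
    if (cap == 0 || len >= cap) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int main(void) {
    /* Constructed inputs: a count chosen so count * POINT_BYTES wraps to 0,
     * and a header claiming 2^20 points with only 4096 bytes of payload. */
    size_t huge = SIZE_MAX / POINT_BYTES + 1;
    size_t bytes = 0;
    printf("naive bytes for wrapping count: %zu\n", naive_path_bytes(huge));
    printf("checked computation accepted: %d\n",
           (int)checked_path_bytes(huge, &bytes));
    printf("validated count for short payload: %lld\n",
           (long long)validate_declared_count(1u << 20, 4096));

    char name[NAME_CAP];
    char oversized[NAME_CAP + 1];
    memset(oversized, 'A', sizeof oversized);
    printf("copy of %zu-byte name into %d-byte array: %d\n",
           sizeof oversized, NAME_CAP,
           copy_name(name, sizeof name, oversized, sizeof oversized));
    return 0;
}
```

The checked path rejects the input before any allocation happens, which is the behaviour a decoder wants for a malformed header: failing closed on the size check costs nothing, whereas discovering the inconsistency only while copying means memory has already been overrun.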

Graphics Library (GL)

The GL (Graphics Library) is a cross-platform, vendor-neutral API that provides hardware acceleration for 3D rendering.
Pillow is a library which makes it easy to use the OS's native graphics stack. It offers a higher level of abstraction than the OS's native OpenGL stack, providing both speed and quality improvements.

Timeline

Published on: 01/10/2022 14:12:00 UTC
Last modified on: 05/04/2022 17:07:00 UTC

References