Debian: >> Debian Linux Security Vulnerabilities
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-10
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-01-10
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-01-10
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
9.8
EPSS Score
0.013
Published
2022-01-10
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-01-10
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-01-10
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-01-10
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
CVSS Score
9.8
EPSS Score
0.028
Published
2022-01-10
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-01-10
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-01-10