brainlabs-digital / heimdall Goto Github PK

View Code? Open in Web Editor NEW

30.0 30.0 10.0 36 KB

Website screenshots in a single line of Python.

License: Apache License 2.0

JavaScript 62.97% Python 37.03%

heimdall's People

Contributors

Stargazers

Watchers

Forkers

pombredanne lury teserak hyperbolictonic xarenwo shiniapplegami deathinwhite joaquinmorenoa hellolewis nweller

heimdall's Issues

Error 2

Hi, i tried to use your script but it gives the following error:

Traceback (most recent call last):
File "takescreenshots.py", line 3, in
heimdall.png("https://www.medieval-europe.eu/", device="Laptop")
File "/usr/lib/python2.7/site-packages/heimdall/heimdall.py", line 33, in png
return save(url, **kwargs)
File "/usr/lib/python2.7/site-packages/heimdall/heimdall.py", line 22, in save
screenshot_image = screenshot(url, **kwargs)
File "/usr/lib/python2.7/site-packages/heimdall/heimdall.py", line 86, in screenshot
stdout=subprocess.PIPE).communicate()[0]
File "/usr/lib64/python2.7/subprocess.py", line 711, in init
errread, errwrite)
File "/usr/lib64/python2.7/subprocess.py", line 1327, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory

Can you help me in finding out what's wrong?

Pillow-2.7.0.zip: 40 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (Pillow version)	Remediation Possible**
CVE-2020-5311	Critical	9.8	Pillow-2.7.0.zip	Direct	Pillow - 6.2.2	✅
CVE-2020-5312	Critical	9.8	Pillow-2.7.0.zip	Direct	Pillow - 6.2.2	✅
CVE-2022-22817	Critical	9.8	Pillow-2.7.0.zip	Direct	Pillow - 9.0.0	✅
CVE-2021-34552	Critical	9.8	Pillow-2.7.0.zip	Direct	Pillow-8.3.0	✅
CVE-2021-25289	Critical	9.8	Pillow-2.7.0.zip	Direct	8.1.1	✅
CVE-2022-24303	Critical	9.1	Pillow-2.7.0.zip	Direct	Pillow - 9.0.1	✅
CVE-2021-25287	Critical	9.1	Pillow-2.7.0.zip	Direct	Pillow - 8.2.0	✅
CVE-2021-25288	Critical	9.1	Pillow-2.7.0.zip	Direct	Pillow - 8.2.0	✅
CVE-2020-5310	High	8.8	Pillow-2.7.0.zip	Direct	Pillow - 6.2.2	✅
CVE-2023-50447	High	8.1	Pillow-2.7.0.zip	Direct	pillow - 10.2.0	✅
CVE-2020-11538	High	8.1	Pillow-2.7.0.zip	Direct	7.1.0	✅
CVE-2020-10379	High	7.8	Pillow-2.7.0.zip	Direct	7.1.0	✅
CVE-2019-19911	High	7.5	Pillow-2.7.0.zip	Direct	Pillow - 6.2.2	✅
CVE-2021-27923	High	7.5	Pillow-2.7.0.zip	Direct	Pillow - 8.1.2	✅
CVE-2019-16865	High	7.5	Pillow-2.7.0.zip	Direct	6.2.0	✅
WS-2022-0097	High	7.5	Pillow-2.7.0.zip	Direct	Pillow - 9.0.0	✅
CVE-2021-25290	High	7.5	Pillow-2.7.0.zip	Direct	8.1.1	✅
CVE-2021-25291	High	7.5	Pillow-2.7.0.zip	Direct	8.1.1	✅
CVE-2022-45198	High	7.5	Pillow-2.7.0.zip	Direct	Pillow - 9.2.0	✅
CVE-2022-45199	High	7.5	Pillow-2.7.0.zip	Direct	Pillow - 9.3.0	✅
CVE-2021-23437	High	7.5	Pillow-2.7.0.zip	Direct	Pillow - 8.3.2	✅
CVE-2021-27921	High	7.5	Pillow-2.7.0.zip	Direct	Pillow - 8.1.2	✅
CVE-2021-27922	High	7.5	Pillow-2.7.0.zip	Direct	Pillow - 8.1.2	✅
CVE-2020-5313	High	7.1	Pillow-2.7.0.zip	Direct	Pillow - 6.2.2	✅
CVE-2020-35653	High	7.1	Pillow-2.7.0.zip	Direct	8.1.0	✅
CVE-2021-25292	Medium	6.5	Pillow-2.7.0.zip	Direct	8.1.1	✅
CVE-2022-22815	Medium	6.5	Pillow-2.7.0.zip	Direct	Pillow - 9.0.0	✅
CVE-2022-22816	Medium	6.5	Pillow-2.7.0.zip	Direct	Pillow - 9.0.0	✅
CVE-2016-9189	Medium	5.5	Pillow-2.7.0.zip	Direct	3.3.2	✅
CVE-2016-2533	Medium	5.5	Pillow-2.7.0.zip	Direct	Pillow - 3.1.1;Python Imaging Library - 1.1.7	✅
CVE-2016-0775	Medium	5.5	Pillow-2.7.0.zip	Direct	3.1.1	✅
CVE-2016-9190	Medium	5.5	Pillow-2.7.0.zip	Direct	3.3.2	✅
CVE-2016-3076	Medium	5.5	Pillow-2.7.0.zip	Direct	3.2.0	✅
CVE-2016-4009	Medium	5.5	Pillow-2.7.0.zip	Direct	3.1.1	✅
CVE-2016-0740	Medium	5.5	Pillow-2.7.0.zip	Direct	3.1.1	✅
CVE-2020-10378	Medium	5.5	Pillow-2.7.0.zip	Direct	7.1.0	✅
CVE-2020-10994	Medium	5.5	Pillow-2.7.0.zip	Direct	7.1.0	✅
CVE-2020-10177	Medium	5.5	Pillow-2.7.0.zip	Direct	7.1.0	✅
CVE-2021-28675	Medium	5.5	Pillow-2.7.0.zip	Direct	Pillow - 8.2.0	✅
CVE-2020-35655	Medium	5.4	Pillow-2.7.0.zip	Direct	8.1.0	✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (25 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2020-5311

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.

Publish Date: 2020-01-03

URL: CVE-2020-5311

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5311

Release Date: 2020-07-10

Fix Resolution: Pillow - 6.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-5312

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

Publish Date: 2020-01-03

URL: CVE-2020-5312

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312

Release Date: 2020-07-10

Fix Resolution: Pillow - 6.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-22817

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

Publish Date: 2022-01-10

URL: CVE-2022-22817

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817

Release Date: 2022-01-10

Fix Resolution: Pillow - 9.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-34552

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

Publish Date: 2021-07-13

URL: CVE-2021-34552

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow

Release Date: 2021-07-13

Fix Resolution: Pillow-8.3.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-25289

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.

Publish Date: 2021-03-19

URL: CVE-2021-25289

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html

Release Date: 2021-03-19

Fix Resolution: 8.1.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-24303

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

Publish Date: 2022-03-28

URL: CVE-2022-24303

CVSS 3 Score Details (9.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-9j59-75qj-795w

Release Date: 2022-03-28

Fix Resolution: Pillow - 9.0.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-25287

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

Publish Date: 2021-06-02

URL: CVE-2021-25287

CVSS 3 Score Details (9.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287

Release Date: 2021-06-02

Fix Resolution: Pillow - 8.2.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-25288

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.

Publish Date: 2021-06-02

URL: CVE-2021-25288

CVSS 3 Score Details (9.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288

Release Date: 2021-06-02

Fix Resolution: Pillow - 8.2.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-5310

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

Publish Date: 2020-01-03

URL: CVE-2020-5310

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5310

Release Date: 2020-01-03

Fix Resolution: Pillow - 6.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-50447

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

Publish Date: 2024-01-19

URL: CVE-2023-50447

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.openwall.com/lists/oss-security/2024/01/20/1

Release Date: 2024-01-19

Fix Resolution: pillow - 10.2.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-11538

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.

Publish Date: 2020-06-25

URL: CVE-2020-11538

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-06-25

Fix Resolution: 7.1.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-10379

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.

Publish Date: 2020-06-25

URL: CVE-2020-10379

CVSS 3 Score Details (7.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-06-25

Fix Resolution: 7.1.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-19911

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.

Publish Date: 2020-01-05

URL: CVE-2019-19911

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-01-05

Fix Resolution: Pillow - 6.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-27923

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Mend Note: After conducting further research, Mend has determined that all versions of Pillow up to version 8.1.1 are vulnerable to CVE-2021-27923.

Publish Date: 2021-03-03

URL: CVE-2021-27923

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html

Release Date: 2021-03-03

Fix Resolution: Pillow - 8.1.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-16865

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

Publish Date: 2019-10-04

URL: CVE-2019-16865

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865

Release Date: 2019-10-04

Fix Resolution: 6.2.0

⛑️ Automatic Remediation will be attempted for this issue.

WS-2022-0097

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.

If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file.

Publish Date: 2022-03-11

URL: WS-2022-0097

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-4fx9-vc88-q2xc

Release Date: 2022-03-11

Fix Resolution: Pillow - 9.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-25290

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

Publish Date: 2021-03-19

URL: CVE-2021-25290

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html

Release Date: 2021-03-19

Fix Resolution: 8.1.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-25291

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

Publish Date: 2021-03-19

URL: CVE-2021-25291

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html

Release Date: 2021-03-19

Fix Resolution: 8.1.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-45198

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

Publish Date: 2022-11-14

URL: CVE-2022-45198

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-11-14

Fix Resolution: Pillow - 9.2.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-45199

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

Publish Date: 2022-11-14

URL: CVE-2022-45199

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-11-14

Fix Resolution: Pillow - 9.3.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-23437

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

Publish Date: 2021-09-03

URL: CVE-2021-23437

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html

Release Date: 2021-09-03

Fix Resolution: Pillow - 8.3.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-27921

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Mend Note: After conducting further research, Mend has determined that all versions of Pillow up to version 8.1.1 are vulnerable to CVE-2021-27921.

Publish Date: 2021-03-03

URL: CVE-2021-27921

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html

Release Date: 2021-03-03

Fix Resolution: Pillow - 8.1.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-27922

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Mend Note: After conducting further research, Mend has determined that all versions of Pillow up to version 8.1.1 are vulnerable to CVE-2021-27922.

Publish Date: 2021-03-03

URL: CVE-2021-27922

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html

Release Date: 2021-03-03

Fix Resolution: Pillow - 8.1.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-5313

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

Publish Date: 2020-01-03

URL: CVE-2020-5313

CVSS 3 Score Details (7.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313

Release Date: 2020-01-03

Fix Resolution: Pillow - 6.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-35653

Vulnerable Library - Pillow-2.7.0.zip

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/98/bf/9e00cfeae875d6b7071d5e015920c06e9dc0a55d43780ed3c49c1fb4382e/Pillow-2.7.0.zip

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ Pillow-2.7.0.zip (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

Publish Date: 2021-01-12

URL: CVE-2020-35653

CVSS 3 Score Details (7.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653

Release Date: 2021-01-12

Fix Resolution: 8.1.0

⛑️ Automatic Remediation will be attempted for this issue.

⛑️Automatic Remediation will be attempted for this issue.

enhancement: x and y offset

Suggestion, make it possible not only to control width and height, but also x and y offset.

heimdall.png("http://www.tomanthony.co.uk/", width=1440, height=900)

Devices Module Error

from devices import heimdallDevice
ModuleNotFoundError: No module named 'devices'

wheel-0.24.0-py2.py3-none-any.whl: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - wheel-0.24.0-py2.py3-none-any.whl

A built-package format for Python

Library home page: https://files.pythonhosted.org/packages/e8/14/eaaac12b0432c984a27ad0050a5a0bedc6135df35a0f5f1f35228faf12d4/wheel-0.24.0-py2.py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (wheel version)	Remediation Possible**
CVE-2022-40898	High	7.5	wheel-0.24.0-py2.py3-none-any.whl	Direct	0.38.0	✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-40898

Vulnerable Library - wheel-0.24.0-py2.py3-none-any.whl

A built-package format for Python

Library home page: https://files.pythonhosted.org/packages/e8/14/eaaac12b0432c984a27ad0050a5a0bedc6135df35a0f5f1f35228faf12d4/wheel-0.24.0-py2.py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

❌ wheel-0.24.0-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

Publish Date: 2022-12-23

URL: CVE-2022-40898

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-12-23

Fix Resolution: 0.38.0

⛑️ Automatic Remediation will be attempted for this issue.

⛑️Automatic Remediation will be attempted for this issue.

AttributeError: module 'heimdall' has no attribute 'png'

somehow something appears to be broken with the import system. I installed with pip, and verified that it is.

#! /usr/bin/env python3

import heimdall

screenshot = heimdall.png('<myurl>', device='Laptop')

This yields

AttributeError: module 'heimdall' has no attribute 'png'

No File found

Traceback (most recent call last):
File "dfsdf.py", line 3, in
ss = heimdall.save("https://www.youtube.com/c/youtube", format="PNG", device="Laptop")
File "C:\Users\Stepan\AppData\Local\Programs\Python\Python38\lib\site-packages\heimdall\heimdall.py", line 22, in save
screenshot_image = screenshot(url, **kwargs)
File "C:\Users\Stepan\AppData\Local\Programs\Python\Python38\lib\site-packages\heimdall\heimdall.py", line 85, in screenshot
output = subprocess.Popen(cmd_args,
File "C:\Users\Stepan\AppData\Local\Programs\Python\Python38\lib\subprocess.py", line 854, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File "C:\Users\Stepan\AppData\Local\Programs\Python\Python38\lib\subprocess.py", line 1307, in _execute_child
hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
FileNotFoundError: [WinError 2] Не удается найти указанный файл

Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl: 2 vulnerabilities (highest severity is: 8.1)

Vulnerable Library - Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/2c/a2/2d565cb1d754384a88998b9c86daf803a3a7908577875231eb99b8c7973d/Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl

Path to dependency file: /tmp/ws-scm/heimdall

Path to vulnerable library: /tmp/ws-scm/heimdall

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (Pillow version)	Remediation Possible**
CVE-2023-50447	High	8.1	Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl	Direct	pillow - 10.2.0	✅
CVE-2023-44271	High	7.5	Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl	Direct	Pillow - 10.0.0	✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-50447

Vulnerable Library - Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/2c/a2/2d565cb1d754384a88998b9c86daf803a3a7908577875231eb99b8c7973d/Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl

Path to dependency file: /tmp/ws-scm/heimdall

Path to vulnerable library: /tmp/ws-scm/heimdall

Dependency Hierarchy:

❌ Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

Publish Date: 2024-01-19

URL: CVE-2023-50447

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.openwall.com/lists/oss-security/2024/01/20/1

Release Date: 2024-01-19

Fix Resolution: pillow - 10.2.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-44271

Vulnerable Library - Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl

Python Imaging Library (Fork)

Library home page: https://files.pythonhosted.org/packages/2c/a2/2d565cb1d754384a88998b9c86daf803a3a7908577875231eb99b8c7973d/Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl

Path to dependency file: /tmp/ws-scm/heimdall

Path to vulnerable library: /tmp/ws-scm/heimdall

Dependency Hierarchy:

❌ Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl (Vulnerable Library)

Found in HEAD commit: ef2aed9b9e54aa1064153230047922a8ee09d467

Found in base branch: master

Vulnerability Details

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

Publish Date: 2023-11-03

URL: CVE-2023-44271

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-11-03

Fix Resolution: Pillow - 10.0.0

⛑️ Automatic Remediation will be attempted for this issue.

⛑️Automatic Remediation will be attempted for this issue.

delay in screenshot taken ?

Is there an option to delay the screenshot to ensure the full page is loaded ?

Upgrade Pillow to version 6.2.2 or later

Fix security issue

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.