Vulnerabilities (CVE)

Filtered by vendor Python Subscribe
Filtered by product Pillow
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19911 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-02-01 5.0 MEDIUM 7.5 HIGH
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
CVE-2022-24303 2 Fedoraproject, Python 2 Fedora, Pillow 2023-01-31 6.4 MEDIUM 9.1 CRITICAL
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
CVE-2022-22817 2 Debian, Python 2 Debian Linux, Pillow 2023-01-31 7.5 HIGH 9.8 CRITICAL
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used,
CVE-2022-22816 2 Debian, Python 2 Debian Linux, Pillow 2023-01-31 6.4 MEDIUM 6.5 MEDIUM
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
CVE-2021-34552 3 Debian, Fedoraproject, Python 3 Debian Linux, Fedora, Pillow 2023-01-31 7.5 HIGH 9.8 CRITICAL
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
CVE-2021-23437 2 Fedoraproject, Python 2 Fedora, Pillow 2023-01-31 5.0 MEDIUM 7.5 HIGH
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
CVE-2022-22815 2 Debian, Python 2 Debian Linux, Pillow 2023-01-31 6.4 MEDIUM 6.5 MEDIUM
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
CVE-2020-5313 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-01-24 5.8 MEDIUM 7.1 HIGH
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
CVE-2020-5310 3 Canonical, Fedoraproject, Python 3 Ubuntu Linux, Fedora, Pillow 2023-01-24 6.8 MEDIUM 8.8 HIGH
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
CVE-2022-45199 1 Python 1 Pillow 2023-01-10 N/A 7.5 HIGH
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
CVE-2022-45198 1 Python 1 Pillow 2023-01-10 N/A 7.5 HIGH
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
CVE-2021-27922 2 Fedoraproject, Python 2 Fedora, Pillow 2022-07-12 5.0 MEDIUM 7.5 HIGH
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
CVE-2021-27923 2 Fedoraproject, Python 2 Fedora, Pillow 2022-07-12 5.0 MEDIUM 7.5 HIGH
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
CVE-2021-27921 2 Fedoraproject, Python 2 Fedora, Pillow 2022-07-12 5.0 MEDIUM 7.5 HIGH
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
CVE-2022-30595 1 Python 1 Pillow 2022-06-03 7.5 HIGH 9.8 CRITICAL
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
CVE-2020-35653 3 Debian, Fedoraproject, Python 3 Debian Linux, Fedora, Pillow 2022-04-22 5.8 MEDIUM 7.1 HIGH
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
CVE-2021-25290 2 Debian, Python 2 Debian Linux, Pillow 2021-12-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2021-25289 1 Python 1 Pillow 2021-12-01 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
CVE-2021-25291 1 Python 1 Pillow 2021-12-01 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
CVE-2021-25292 1 Python 1 Pillow 2021-12-01 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.