Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pillow vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-22817
PIL.ImageMath.eval in Pillow prior to 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
5
CVSSv2
CVE-2021-23437
The package pillow 5.2.0 and prior to 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Python Pillow
Fedoraproject Fedora 33
Fedoraproject Fedora 34
1 Github repository
7.5
CVSSv2
CVE-2021-34552
Pillow up to and including 8.2.0 and PIL (aka Python Imaging Library) up to and including 1.1.7 allow an malicious user to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Python Pillow
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.4
CVSSv2
CVE-2021-25287
An issue exists in Pillow prior to 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
Python Pillow
Fedoraproject Fedora 33
6.4
CVSSv2
CVE-2021-25288
An issue exists in Pillow prior to 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
Python Pillow
Fedoraproject Fedora 33
5
CVSSv2
CVE-2021-28676
An issue exists in Pillow prior to 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
Python Pillow
Fedoraproject Fedora 33
5
CVSSv2
CVE-2021-28677
An issue exists in Pillow prior to 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS ...
Python Pillow
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2021-28678
An issue exists in Pillow prior to 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
Python Pillow
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2021-28675
An issue exists in Pillow prior to 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
Python Pillow
Fedoraproject Fedora 33
5
CVSSv2
CVE-2021-25290
An issue exists in Pillow prior to 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
Python Pillow
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »