Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python pillow vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-34552
Pillow up to and including 8.2.0 and PIL (aka Python Imaging Library) up to and including 1.1.7 allow an malicious user to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Python Pillow
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
4.3
CVSSv2
CVE-2021-28678
An issue exists in Pillow prior to 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
Python Pillow
Fedoraproject Fedora 33
6.4
CVSSv2
CVE-2021-25287
An issue exists in Pillow prior to 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
Python Pillow
Fedoraproject Fedora 33
6.4
CVSSv2
CVE-2021-25288
An issue exists in Pillow prior to 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
Python Pillow
Fedoraproject Fedora 33
5
CVSSv2
CVE-2021-28676
An issue exists in Pillow prior to 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
Python Pillow
Fedoraproject Fedora 33
5
CVSSv2
CVE-2021-28677
An issue exists in Pillow prior to 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS ...
Python Pillow
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2021-28675
An issue exists in Pillow prior to 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
Python Pillow
Fedoraproject Fedora 33
7.5
CVSSv2
CVE-2021-25289
An issue exists in Pillow prior to 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
Python Pillow
5
CVSSv2
CVE-2021-25290
An issue exists in Pillow prior to 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
Python Pillow
Debian Debian Linux 9.0
5
CVSSv2
CVE-2021-25291
An issue exists in Pillow prior to 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
Python Pillow
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »