Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python pillow vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2021-25290
An issue exists in Pillow prior to 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
Python Pillow
Debian Debian Linux 9.0
445
VMScore
CVE-2021-25291
An issue exists in Pillow prior to 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
Python Pillow
445
VMScore
CVE-2021-27923
Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2021-27921
Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2021-27922
Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
516
VMScore
CVE-2020-35653
In Pillow prior to 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
605
VMScore
CVE-2020-35654
In Pillow prior to 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
516
VMScore
CVE-2020-35655
In Pillow prior to 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
383
VMScore
CVE-2020-10177
Pillow prior to 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
Python Pillow
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
605
VMScore
CVE-2020-11538
In libImaging/SgiRleDecode.c in Pillow up to and including 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
Python Pillow
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »