Vulmon
python pillow vulnerabilities and exploits
8.1
CVSSv3
CVE-2020-11538
In libImaging/SgiRleDecode.c in Pillow up to and including 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
Python Pillow
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
5.5
CVSSv3
CVE-2020-10378
In libImaging/PcxDecode.c in Pillow prior to 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
Python Pillow
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
7.8
CVSSv3
CVE-2020-10379
In Pillow prior to 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
Python Pillow
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 20.04
7.5
CVSSv3
CVE-2019-19911
There is a DoS vulnerability in Pillow prior to 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. ...
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
8.8
CVSSv3
CVE-2020-5310
libImaging/TiffDecode.c in Pillow prior to 6.2.2 has a TIFF decoding integer overflow, related to realloc.
Python Pillow
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Canonical Ubuntu Linux 16.04
9.8
CVSSv3
CVE-2020-5311
libImaging/SgiRleDecode.c in Pillow prior to 6.2.2 has an SGI buffer overflow.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
9.8
CVSSv3
CVE-2020-5312
libImaging/PcxDecode.c in Pillow prior to 6.2.2 has a PCX P mode buffer overflow.
Python Pillow
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
7.1
CVSSv3
CVE-2020-5313
libImaging/FliDecode.c in Pillow prior to 6.2.2 has an FLI buffer overflow.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Canonical Ubuntu Linux 16.04
2 Github repositories
7.5
CVSSv3
CVE-2019-16865
An issue exists in Pillow prior to 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Python Pillow
Fedoraproject Fedora 30
Fedoraproject Fedora 31
5.5
CVSSv3
CVE-2016-3076
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 up to and including 3.1.1 allows remote malicious users to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
Python Pillow 2.9.0
Python Pillow 2.5.1
Python Pillow 2.5.2
Python Pillow 3.0.0
Python Pillow 2.5.3
Python Pillow 2.6.2
Python Pillow 2.6.0
Python Pillow 2.5.0
Python Pillow 2.7.0
Python Pillow 3.1.0
Python Pillow 2.6.1
Python Pillow 2.8.2
Python Pillow 2.8.1
Python Pillow 2.8.0
2 Github repositories