Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python pillow vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-0775
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow prior to 3.1.1 allows remote malicious users to cause a denial of service (crash) via a crafted FLI file.
Python Pillow
Debian Debian Linux 8.0
Debian Debian Linux 7.0
5
CVSSv2
CVE-2021-27921
Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2021-27922
Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2021-27923
Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2014-9601
Pillow prior to 2.7.0 allows remote malicious users to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
Python Pillow
Oracle Solaris 11.2
Fedoraproject Fedora 21
Opensuse Opensuse 13.2
6.8
CVSSv2
CVE-2020-10379
In Pillow prior to 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
Python Pillow
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 20.04
7.5
CVSSv2
CVE-2021-34552
Pillow up to and including 8.2.0 and PIL (aka Python Imaging Library) up to and including 1.1.7 allow an malicious user to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Python Pillow
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5.8
CVSSv2
CVE-2020-35653
In Pillow prior to 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
6.4
CVSSv2
CVE-2022-22815
path_getbbox in path.c in Pillow prior to 9.0.0 improperly initializes ImagePath.Path.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.4
CVSSv2
CVE-2022-22816
path_getbbox in path.c in Pillow prior to 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »