Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python pillow vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-22817
PIL.ImageMath.eval in Pillow prior to 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
4.3
CVSSv2
CVE-2020-10994
In libImaging/Jpeg2KDecode.c in Pillow prior to 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
Python Pillow
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
6.8
CVSSv2
CVE-2020-11538
In libImaging/SgiRleDecode.c in Pillow up to and including 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
Python Pillow
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
4.3
CVSSv2
CVE-2020-10378
In libImaging/PcxDecode.c in Pillow prior to 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
Python Pillow
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
4.3
CVSSv2
CVE-2020-10177
Pillow prior to 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
Python Pillow
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
7.5
CVSSv2
CVE-2020-5311
libImaging/SgiRleDecode.c in Pillow prior to 6.2.2 has an SGI buffer overflow.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
6.8
CVSSv2
CVE-2020-5310
libImaging/TiffDecode.c in Pillow prior to 6.2.2 has a TIFF decoding integer overflow, related to realloc.
Python Pillow
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Canonical Ubuntu Linux 16.04
5
CVSSv2
CVE-2019-19911
There is a DoS vulnerability in Pillow prior to 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. ...
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
7.5
CVSSv2
CVE-2020-5312
libImaging/PcxDecode.c in Pillow prior to 6.2.2 has a PCX P mode buffer overflow.
Python Pillow
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
5.8
CVSSv2
CVE-2020-5313
libImaging/FliDecode.c in Pillow prior to 6.2.2 has an FLI buffer overflow.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Canonical Ubuntu Linux 16.04
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5