Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python pillow vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-10378
In libImaging/PcxDecode.c in Pillow prior to 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
Python Pillow
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
4.3
CVSSv2
CVE-2016-3076
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 up to and including 3.1.1 allows remote malicious users to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
Python Pillow 2.9.0
Python Pillow 2.5.1
Python Pillow 2.5.2
Python Pillow 3.0.0
Python Pillow 2.5.3
Python Pillow 2.6.2
Python Pillow 2.6.0
Python Pillow 2.5.0
Python Pillow 2.7.0
Python Pillow 3.1.0
Python Pillow 2.6.1
Python Pillow 2.8.2
Python Pillow 2.8.1
Python Pillow 2.8.0
2 Github repositories
4.3
CVSSv2
CVE-2016-0740
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow prior to 3.1.1 allows remote malicious users to overwrite memory via a crafted TIFF file.
Python Pillow
Debian Debian Linux 7.0
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2016-2533
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow prior to 3.1.1 and Python Imaging Library (PIL) 1.1.7 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted PhotoCD file.
Python Imaging Project Python Imaging
Python Pillow
Debian Debian Linux 8.0
Debian Debian Linux 7.0
4.3
CVSSv2
CVE-2016-0775
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow prior to 3.1.1 allows remote malicious users to cause a denial of service (crash) via a crafted FLI file.
Python Pillow
Debian Debian Linux 8.0
Debian Debian Linux 7.0
2.1
CVSSv2
CVE-2014-1933
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and previous versions and Pillow prior to 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the ...
Python Pillow
Pythonware Python Imaging Library
NA
CVE-2023-50447
Pillow up to and including 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Python Pillow
Debian Debian Linux 10.0
NA
CVE-2023-44271
An issue exists in Pillow prior to 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance...
Python Pillow
Fedoraproject Fedora 38
NA
CVE-2022-45199
Pillow prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL.
Python Pillow
NA
CVE-2022-45198
Pillow prior to 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
Python Pillow
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5