Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python pillow vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2016-3076
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 up to and including 3.1.1 allows remote malicious users to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
Python Pillow 2.5.0
Python Pillow 2.5.1
Python Pillow 2.5.2
Python Pillow 2.5.3
Python Pillow 2.6.0
Python Pillow 2.6.1
Python Pillow 2.6.2
Python Pillow 2.7.0
Python Pillow 2.8.0
Python Pillow 2.8.1
Python Pillow 2.8.2
Python Pillow 2.9.0
2 Github repositories
5
CVSSv2
CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow prior to 2.3.2 and 2.5.x prior to 2.5.2 allows remote malicious users to cause a denial of service via a crafted block size.
Debian Python-imaging -
Python Pillow
Python Pillow 2.3.0
Python Pillow 2.5.0
Python Pillow 2.5.1
Python Pillow 2.5.2
Opensuse Opensuse 13.2
9.8
CVSSv3
CVE-2016-4009
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow prior to 3.1.1 allows remote malicious users to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
Python Pillow
9.8
CVSSv3
CVE-2021-25289
An issue exists in Pillow prior to 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
Python Pillow
7.5
CVSSv3
CVE-2021-25291
An issue exists in Pillow prior to 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
Python Pillow
6.5
CVSSv3
CVE-2021-25292
An issue exists in Pillow prior to 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
Python Pillow
7.5
CVSSv3
CVE-2021-25293
An issue exists in Pillow prior to 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
Python Pillow
7.5
CVSSv3
CVE-2022-45198
Pillow prior to 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
Python Pillow
7.5
CVSSv3
CVE-2022-45199
Pillow prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL.
Python Pillow
2.1
CVSSv2
CVE-2014-1933
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and previous versions and Pillow prior to 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the ...
Python Pillow
Pythonware Python Imaging Library
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
kernel
CVE-2025-22654
CVE-2025-0108
memory leak
CVE-2025-1447
CVE-2025-24200
XML external entity
CVE-2025-25475
CVE-2024-13663
wedevs
bypass
rameez iqbal
visualizer
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »