Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian python-imaging - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-22817
PIL.ImageMath.eval in Pillow prior to 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
6.4
CVSSv2
CVE-2022-22815
path_getbbox in path.c in Pillow prior to 9.0.0 improperly initializes ImagePath.Path.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.4
CVSSv2
CVE-2022-22816
path_getbbox in path.c in Pillow prior to 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2021-34552
Pillow up to and including 8.2.0 and PIL (aka Python Imaging Library) up to and including 1.1.7 allow an malicious user to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Python Pillow
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5.8
CVSSv2
CVE-2020-35653
In Pillow prior to 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
5
CVSSv2
CVE-2019-19911
There is a DoS vulnerability in Pillow prior to 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. ...
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
7.5
CVSSv2
CVE-2020-5311
libImaging/SgiRleDecode.c in Pillow prior to 6.2.2 has an SGI buffer overflow.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
7.5
CVSSv2
CVE-2020-5312
libImaging/PcxDecode.c in Pillow prior to 6.2.2 has a PCX P mode buffer overflow.
Python Pillow
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
5.8
CVSSv2
CVE-2020-5313
libImaging/FliDecode.c in Pillow prior to 6.2.2 has an FLI buffer overflow.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Canonical Ubuntu Linux 16.04
2 Github repositories
4.3
CVSSv2
CVE-2016-0775
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow prior to 3.1.1 allows remote malicious users to cause a denial of service (crash) via a crafted FLI file.
Python Pillow
Debian Debian Linux 8.0
Debian Debian Linux 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »