Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pillow vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-25293
An issue exists in Pillow prior to 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
Python Pillow
668
VMScore
CVE-2021-25289
An issue exists in Pillow prior to 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
Python Pillow
385
VMScore
CVE-2021-25292
An issue exists in Pillow prior to 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
Python Pillow
446
VMScore
CVE-2021-25290
An issue exists in Pillow prior to 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
Python Pillow
Debian Debian Linux 9.0
445
VMScore
CVE-2021-27921
Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2021-27922
Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
445
VMScore
CVE-2021-27923
Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
516
VMScore
CVE-2020-35653
In Pillow prior to 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
605
VMScore
CVE-2020-35654
In Pillow prior to 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
516
VMScore
CVE-2020-35655
In Pillow prior to 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
Python Pillow
Fedoraproject Fedora 32
Fedoraproject Fedora 33
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »