pillow vulnerabilities and exploits

(subscribe to this query)

4.3

CVSSv2

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file....

5

CVSSv2

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size....

4.3

CVSSv2

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer....

1 Github repository available

4.3

CVSSv2

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c....

1 Github repository available

6.8

CVSSv2

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c....

1 Github repository available

5

CVSSv2

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit....

4.3

CVSSv2

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file....

1 Github repository available

6.8

CVSSv2

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode....

5.8

CVSSv2

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations....

5

CVSSv2

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image....

1 2 3 NEXT »