Lucene search
K

7 matches found

EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41901

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
Amazon
Amazon
added 2024/02/05 12:0 a.m.47 views

Important: python-pillow

Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Affected Packages: python-pillow Note: This advisory is applicable to Amaz...

9.8CVSS9.2AI score0.03399EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/10/27 12:0 a.m.6 views

The vulnerability of the Convert.c component in the Pillow image processing library, related to buffer overflow in memory, allows an attacker to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the Convert.c component in the Pillow image processing library relates to the ability to pass parameters directly to the function. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause service failur...

10CVSS6.9AI score0.03162EPSS
Exploits0References12Affected Software4
AlpineLinux
AlpineLinux
added 2021/06/02 12:0 a.m.37 views

CVE-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

7.5CVSS8.4AI score0.02453EPSS
Exploits0
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.4 views

Pillow 缓冲区错误漏洞

Python Imaging Library PIL is a free library for the Python programming language that supports opening, manipulating, and saving a wide range of image file formats.Pillow is a PIL branch. An out-of-bounds read vulnerability exists in the j2kugrayi function in J2kDecode in versions of Pillow prior...

9.1CVSS5.5AI score0.02342EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2020/12/22 12:0 a.m.7 views

The vulnerability of the Pillow image processing library, related to unlimited resource distribution, allows a hacker to cause a service failure.

The vulnerability of the Pillow image processing library is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by creating specially crafted image files...

7.8CVSS6.4AI score0.03154EPSS
Exploits0References6Affected Software5
BDU FSTEC
BDU FSTEC
added 2020/12/22 12:0 a.m.6 views

The vulnerability of the _open_index function in the FpxImagePlugin.py library, a library for working with images from Pillow, related to integer overflow, allows a hacker to cause a service failure.

The vulnerability of the openindex function in the FpxImagePlugin.py library, a library for working with images, relates to a lack of mechanisms for controlling resource consumption. Exploiting this vulnerability allows an attacker who operates remotely to cause service interruptions...

5CVSS6.5AI score0.02118EPSS
Exploits0References12Affected Software5
Rows per page
Query Builder