Lucene search
K

319 matches found

RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-54060

A flaw was found in Pillow, a Python imaging library. When processing a specially crafted font file, the library's font compilation function does not adequately check for excessive memory allocation. This oversight allows a remote attacker to trigger an unreasonable consumption of system memory,...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-55380

A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing a specially crafted GD 2.x image file. The GdImageFile.open function reads image dimensions without proper validation, leading to excessive memory allocation. This can result in a...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/07 9:7 a.m.6 views

CVE-2026-55379

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical...

7.5CVSS6AI score0.00364EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-55380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.si...

7.5CVSS6.1AI score0.00361EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly ...

7.5CVSS6.2AI score0.00354EPSS
Exploits1References4
OSV
OSV
added 2026/07/06 6:52 p.m.4 views

CVE-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References5
CVE
CVE
added 2026/07/06 6:50 p.m.18 views

CVE-2026-55380

Pillow (Python imaging library) vulnerability: Prior to 12.3.0, in GdImageFile._open(), image dimensions were read from the GD 2.x header and stored in self._size without invoking Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation. Impact: potent...

7.5CVSS6AI score0.00361EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/07/06 6:46 p.m.6 views

CVE-2026-54059

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS6AI score0.00354EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-55965

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description In the Python imaging library, the GdImageFile. open function in PIL/GdImageFile.py reads image dimensions from the GD 2.x header and stores them in self. size without invoking Image. decompression...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.4 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.1AI score0.00671EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.6 views

Important: Red Hat Security Advisory: Satellite 6.17.9 Async Update

A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS7.1AI score0.00671EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.10 views

EulerOS 2.0 SP15 : python-pillow (EulerOS-SA-2026-2502)

According to the versions of the python-pillow packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP- compressed data read when decoding a...

8.7CVSS7.2AI score0.00671EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

RHEL 9 : Satellite 6.18.6 Async Update (Important) (RHSA-2026:28385)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28385 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

8.9CVSS6.8AI score0.00534EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.12 views

RHEL 8 / 9 : Satellite 6.16.9 Async Update (Important) (RHSA-2026:27076)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27076 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...

9.1CVSS7.3AI score0.01557EPSS
Exploits3References20
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.7 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.2AI score0.00671EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:3 a.m.15 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192

Summary IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40192 DESCRIPTION: Pillow is a Python imaging...

8.7CVSS7.3AI score0.00671EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.8 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.2AI score0.00671EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 10:34 a.m.19 views

Security Bulletin: IBM Edge Data Collector uses pillow-12.1.1-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-40192

Summary IBM Edge Data Collector Component uses pillow-12.1.1-cp314-cp314-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-40192. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-40192 DESCRIPTION: Pillow is a Python imagi...

8.7CVSS7.1AI score0.00671EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.20 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-016601)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016601 advisory. pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. Tenable has extracted the preceding description block...

6.5CVSS6AI score0.01957EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-016600)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016600 advisory. Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. Tenable has extracted the preceding description block directly from the Unity Linux security...

7.5CVSS6.9AI score0.01102EPSS
Exploits0References4
Rows per page
Query Builder