Lucene search
+L

18 matches found

osv
osv
added 2 days ago3 views

DEBIAN-CVE-2026-59203

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open to seek backwards to the same directive and parse it repeatedly in an infinite...

7.5CVSS6.1AI score0.0039EPSS
Exploits1References1
osv
osv
added 2 days ago3 views

CVE-2026-59203 Pillow EpsImagePlugin negative %%BeginBinary byte count causes infinite loop denial of service

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open to seek backwards to the same directive and parse it repeatedly in an infinite...

5.3CVSS6.1AI score0.0039EPSS
Exploits1References6
redhat
redhat
added 2 days ago5 views

python-pillow: Pillow: Denial of Service via crafted GD 2.x image file

A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing a specially crafted GD 2.x image file. The GdImageFile.open function reads image dimensions without proper validation, leading to excessive memory allocation. This can result in a...

7.5CVSS6AI score0.00361EPSS
Exploits1References7
redhatcve
redhatcve
added 2026/06/02 10:2 p.m.15 views

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

8.7CVSS5.9AI score0.00417EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/01 7:9 p.m.35 views

CVE-2026-49136 Banana Slides 0.4.0 Path Traversal via generate_image() in ai_service.py

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

8.7CVSS0.00417EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.27 views

PT-2026-45559

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate image function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplet...

8.7CVSS5.9AI score0.00417EPSS
Exploits0References5
snyk
snyk
added 2026/05/04 8:20 p.m.9 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the setimage functions in encode.c and decode.c, which are exploitable via Image.open. An attacker can execute arbitrary code by supplying a malicious PSD image file with tile dimensions that trigger integer...

8.6CVSS7.2AI score0.00367EPSS
Exploits1References3
osv
osv
added 2026/02/11 2:22 p.m.5 views

GHSA-CFH3-3JMP-RVHC Pillow affected by out-of-bounds write when loading PSD images

Impact An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow = 10.3.0 users are affected. Patches Pillow 12.1.1 will be released shortly with a fix for this. Workarounds Image.open has a formats parameter that can be used to prevent PSD images from being opene...

8.6CVSS5.8AI score0.00367EPSS
Exploits1References7
snyk
snyk
added 2026/02/11 2:22 p.m.4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the setimage functions in encode.c and decode.c, which are exploitable via Image.open. An attacker can execute arbitrary code by supplying a malicious PSD image file. Remediation Upgrade pillow to version 12.1.1 o...

8.6CVSS6.1AI score0.00367EPSS
Exploits1References2
nessus
nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-13574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly...

7.8CVSS7.6AI score0.07639EPSS
Exploits1References2
nessus
nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-28675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data...

5.5CVSS6.3AI score0.0096EPSS
Exploits0References2
prion
prion
added 2021/06/02 3:15 p.m.28 views

Design/Logic Flaw

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load...

4.3CVSS6.8AI score0.0096EPSS
Exploits0References3Affected Software2
attackerkb
attackerkb
added 2021/06/02 3:15 p.m.2 views

CVE-2021-28675

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load...

5.5CVSS5.4AI score0.0096EPSS
Exploits0References5
pypa
pypa
added 2021/06/02 3:15 p.m.10 views

PYSEC-2021-139

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load...

5.5CVSS6.8AI score0.0096EPSS
Exploits0References3Affected Software1
veracode
veracode
added 2019/07/12 5:44 a.m.18 views

OS Command Injection

minimagick is vulnerable to OS command injection. The input to Image.open is passed directly to Kernelopen, which accepts the | character. This allows a remote attacker to inject arbitrary OS command via a malicious image filename...

7.8CVSS7.7AI score0.07639EPSS
Exploits1References7Affected Software1
osv
osv
added 2019/07/12 3:15 a.m.3 views

DEBIAN-CVE-2019-13574

In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernelopen, which accepts a '|' character followed by a command...

7.8CVSS7.8AI score0.07639EPSS
Exploits1References1
wpvulndb
wpvulndb
added 2014/08/01 10:59 a.m.10 views

dt-chocolate - Image Open redirect

The dt-chocolate WordPress theme was affected by an Image Open redirect security vulnerability...

2AI score
Exploits0References1Affected Software1
patchstack
patchstack
added 2014/08/01 12:0 a.m.10 views

WordPress DT Chocolate Theme - Image Open redirect

This theme is prone to an image open redirect vulnerability. Solution Update the theme...

2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder