Lucene search
K

2481 matches found

Fedora
Fedora
added 3 days ago7 views

[SECURITY] Fedora 44 Update: python-pillow-12.3.0-1.fc44

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

7.5CVSS6.1AI score0.00364EPSS
Exploits5
OSV
OSV
added 6 days ago6 views

BIT-PILLOW-2026-55798 Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...

4.5CVSS6AI score0.00136EPSS
Exploits1References6
OSV
OSV
added 6 days ago6 views

BIT-PILLOW-2026-55380 Pillow GdImageFile decompression bomb protection bypass

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4
OSV
OSV
added 6 days ago7 views

BIT-PILLOW-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS5.9AI score0.00364EPSS
Exploits1References4
OSV
OSV
added 6 days ago6 views

BIT-PILLOW-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References4
OSV
OSV
added 6 days ago7 views

BIT-PILLOW-2026-54059 Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` — bomb protection bypass via PCF font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS5.9AI score0.00354EPSS
Exploits1References4
OSV
OSV
added 6 days ago14 views

ROOT-APP-PYPI-CVE-2026-42311 CVE-2026-42311 in rootio-pillow - Patched by Root

Root has patched CVE-2026-42311 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

7.8CVSS5.8AI score0.0015EPSS
Exploits0
OSV
OSV
added 6 days ago15 views

ROOT-APP-PYPI-CVE-2026-40192 CVE-2026-40192 in rootio-pillow - Patched by Root

Root has patched CVE-2026-40192 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.7AI score0.00671EPSS
Exploits0
OSV
OSV
added 6 days ago13 views

ROOT-APP-PYPI-CVE-2026-25990 CVE-2026-25990 in rootio-pillow - Patched by Root

Root has patched CVE-2026-25990 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.9AI score0.00367EPSS
Exploits1
OSV
OSV
added 6 days ago7 views

ROOT-APP-PYPI-CVE-2026-42310 CVE-2026-42310 in rootio-pillow - Patched by Root

Root has patched CVE-2026-42310 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

5.5CVSS5.3AI score0.00126EPSS
Exploits0
OSV
OSV
added 6 days ago13 views

ROOT-APP-PYPI-CVE-2026-42308 CVE-2026-42308 in rootio-pillow - Patched by Root

Root has patched CVE-2026-42308 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

5.5CVSS7.1AI score0.00114EPSS
Exploits0
OSV
OSV
added 6 days ago10 views

ROOT-APP-PYPI-CVE-2023-44271 CVE-2023-44271 in rootio-pillow - Patched by Root

Root has patched CVE-2023-44271 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.01038EPSS
Exploits0
OSV
OSV
added 6 days ago10 views

ROOT-APP-PYPI-CVE-2023-50447 CVE-2023-50447 in rootio-pillow - Patched by Root

Root has patched CVE-2023-50447 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

8.1CVSS5.4AI score0.01703EPSS
Exploits0
OSV
OSV
added 6 days ago4 views

ROOT-APP-PYPI-CVE-2024-28219 CVE-2024-28219 in rootio-pillow - Patched by Root

Root has patched CVE-2024-28219 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

6.7CVSS6.5AI score0.00989EPSS
Exploits0
OSV
OSV
added 6 days ago18 views

ROOT-APP-PYPI-CVE-2023-4863 CVE-2023-4863 in rootio-pillow - Patched by Root

Root has patched CVE-2023-4863 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

8.8CVSS5.9AI score0.99735EPSS
Exploits9
Fedora
Fedora
added 6 days ago19 views

[SECURITY] Fedora 43 Update: python-pillow-jxl-plugin-1.3.7-2.fc43

Pillow plugin for JPEG-XL, using Rust for bindings...

5.9AI score
Exploits0
Fedora
Fedora
added 6 days ago15 views

[SECURITY] Fedora 44 Update: python-pillow-jxl-plugin-1.3.7-2.fc44

Pillow plugin for JPEG-XL, using Rust for bindings...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added last week8 views

SUSE CVE-2026-42311

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

8.6CVSS6.2AI score0.0015EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added last week13 views

SUSE CVE-2026-54059

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS6AI score0.00354EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added last week9 views

SUSE CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
Rows per page
Query Builder