Lucene search
+L

8 matches found

osv
osv
added 2 days ago4 views

CVE-2026-59204 Pillow JPEG2000 tiled decode retains a growing scratch buffer and can be used for denial of service

Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates totalcomponentwidth across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled JPEG2000 file to force substantially higher transient memory usage and...

8.7CVSS6.1AI score0.00398EPSS
Exploits1References6
euvd
euvd
added 2026/07/06 6:50 p.m.6 views

EUVD-2026-41901

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
amazon
amazon
added 2024/02/05 12:0 a.m.47 views

Important: python-pillow

Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Affected Packages: python-pillow Note: This advisory is applicable to Amaz...

9.8CVSS9.2AI score0.03399EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2021/10/27 12:0 a.m.7 views

The vulnerability of the Convert.c component in the Pillow image processing library, related to buffer overflow in memory, allows an attacker to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the Convert.c component in the Pillow image processing library relates to the ability to pass parameters directly to the function. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause service failur...

10CVSS6.9AI score0.03162EPSS
Exploits0References12Affected Software4
alpinelinux
alpinelinux
added 2021/06/02 12:0 a.m.37 views

CVE-2021-28676

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

7.5CVSS8.4AI score0.02453EPSS
Exploits0
cnnvd
cnnvd
added 2021/04/13 12:0 a.m.4 views

Pillow 缓冲区错误漏洞

Python Imaging Library PIL is a free library for the Python programming language that supports opening, manipulating, and saving a wide range of image file formats.Pillow is a PIL branch. An out-of-bounds read vulnerability exists in the j2kugrayi function in J2kDecode in versions of Pillow prior...

9.1CVSS5.5AI score0.02342EPSS
Exploits0References11
bdu_fstec
bdu_fstec
added 2020/12/22 12:0 a.m.6 views

The vulnerability of the _open_index function in the FpxImagePlugin.py library, a library for working with images from Pillow, related to integer overflow, allows a hacker to cause a service failure.

The vulnerability of the openindex function in the FpxImagePlugin.py library, a library for working with images, relates to a lack of mechanisms for controlling resource consumption. Exploiting this vulnerability allows an attacker who operates remotely to cause service interruptions...

5CVSS6.5AI score0.02118EPSS
Exploits0References12Affected Software5
bdu_fstec
bdu_fstec
added 2020/12/22 12:0 a.m.9 views

The vulnerability of the Pillow image processing library, related to unlimited resource distribution, allows a hacker to cause a service failure.

The vulnerability of the Pillow image processing library is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by creating specially crafted image files...

7.8CVSS6.4AI score0.03154EPSS
Exploits0References6Affected Software5
Rows per page
Query Builder