21 matches found
EUVD-2021-0177
Malware in sbrugna...
EUVD-2022-0198
Malicious code in bioql PyPI...
PT-2025-27574 · Pillow · Pillow
Name of the Vulnerable Software and Affected Versions: Pillow versions 11.2.0 through 11.2.x. Description: The issue is a heap buffer overflow that occurs when writing a sufficiently large image in the DDS format. This happens because the library writes into a buffer without checking for available...
CVE-2024-28219
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy...
DLA-3768-1 pillow - security update
Bulletin has no description...
BIT-PILLOW-2020-35655
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
BIT-PILLOW-2022-22815
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...
MGASA-2023-0164 Updated python-pillow packages fix security vulnerability
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. (CVE-2022-30595) Improper Handling of Highly Compressed GIF Data (Data Amplification). (CVE-2022-45198)...
CVE-2022-45198
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification)...
PYSEC-2022-42979
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification)...
DLA-2893-1 pillow - security update
Bulletin has no description...
DSA-5053-1 pillow - security update
Bulletin has no description...
Denial Of Service (DoS)
pillow is vulnerable to denial of service. An out-of-bounds read in J2kDecode in j2ku_graya_la allows an attacker to crash the application...
PYSEC-2021-93
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...
Regular Expression Denial-of-Service (ReDoS)
pillow is vulnerable to regular expression denial of service. Usage of an insecure regex allows an attacker to cause excessive CPU consumption when parsing a malicious PDF file...
GHSA-8843-M7MW-MXQM Buffer overflow in Pillow
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c...
Arbitrary code using "crafted image file" approach affecting Pillow
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component...
CVE-2016-9189
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.mapbuffer in map.c component...
CVE-2016-2533
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file...
CVE-2014-3598
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image...