17 matches found

Amazon
added 2026/05/26 12:0 a.m., 9 views

Important: python-pillow

Issue Overview: Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0. CVE-2026-42308 Pillow is...

CVSS 8.6, AI score 7.4, EPSS 0.0002
Exploits: 0

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in pillow

In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for an ICNS container. As a result, a memory allocation attempt can be quite large...

CVSS 7.5, AI score 6.9, EPSS 0.00309
Exploits: 0, References: 1

EUVD
added 2026/05/09 4:11 a.m., 8 views

EUVD-2026-28903

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

CVSS 8.6, AI score 6, EPSS 0.0002
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/09 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-42308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the...

CVSS 5.5, AI score 7.1, EPSS 0.00015
Exploits: 0, References: 4

Snyk
added 2026/05/04 8:19 p.m., 5 views

Infinite loop

Overview: Affected versions of this package are vulnerable to Infinite loop in trailer handling in PIL/PdfParser.py. An attacker can cause the application to consume excessive CPU by supplying a malicious file that creates a cyclic reference in the trailer's Prev pointer. Remediation: Upgrade pillo...

CVSS 7.5, AI score 5.8, EPSS 0.00012
Exploits: 0, References: 2

OSV
added 2026/02/13 12:0 a.m., 2 views

OPENSUSE-SU-2026:10198-1 python311-Pillow-12.1.1-1.1 on GA media

These are all security issues fixed in the python311-Pillow-12.1.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.6, AI score 5.8, EPSS 0.00014
Exploits: 1, References: 1

Snyk
added 2026/02/11 2:22 p.m., 3 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the setimage functions in encode.c and decode.c, which are exploitable via Image.open. An attacker can execute arbitrary code by supplying a malicious PSD image file. Remediation: Upgrade pillow to version 12.1.1 o...

CVSS 8.6, AI score 6.1, EPSS 0.00014
Exploits: 1, References: 2

Debian CVE
added 2025/07/01 6:33 p.m., 5 views

CVE-2025-48379

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

CVSS 7.1, AI score 6, EPSS 0.00103
Exploits: 1

OSV
added 2022/11/14 7:15 a.m., 50 views

PYSEC-2022-42980

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL...

CVSS 7.5, AI score 3.7, EPSS 0.00154
Exploits: 0, References: 4

OSV
added 2022/11/11 11:4 a.m., 2 views

OESA-2022-2086 python-pillow security update

Security Fixes: Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. CVE-2022-24303...

CVSS 9.1, AI score 6.9, EPSS 0.02197
Exploits: 0, References: 2

OSV
added 2021/03/19 4:15 a.m., 0 views

PYSEC-2021-37

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries...

CVSS 7.5, AI score 6.9, EPSS 0.00459
Exploits: 0, References: 2

UbuntuCve
added 2021/03/03 9:15 a.m., 26 views

CVE-2021-27921

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large...

CVSS 7.5, AI score 6.9, EPSS 0.00418
Exploits: 0, References: 3

OSV
added 2020/06/25 7:15 p.m., 0 views

UBUNTU-CVE-2020-10379

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c...

CVSS 7.8, AI score 6.7, EPSS 0.0036
Exploits: 0, References: 7

Positive Technologies
added 2020/06/25 12:0 a.m., 2 views

PT-2020-12049 · Python Imaging Library +2 · Pillow +2

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 7.1.0; Pillow versions 7.x prior to 7.0.1; Pillow version 6.2.3 and earlier. Description: The issue involves two Buffer Overflows in libImaging/TiffDecode.c. This affects Pillow, where the buffer overflows can occur due ...

CVSS 8.7, AI score 6.3, EPSS 0.00424
Exploits: 0, References: 40

OSV
added 2020/01/03 1:15 a.m., 1 views

PYSEC-2020-84

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...

CVSS 7.1, AI score 7, EPSS 0.00571
Exploits: 0, References: 7

UbuntuCve
added 2016/11/04 12:0 a.m., 19 views

CVE-2016-9189

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.mapbuffer in map.c component...

CVSS 5.5, AI score 6.8, EPSS 0.00358
Exploits: 0, References: 4

OSV
added 2016/04/13 4:59 p.m., 1 views

DEBIAN-CVE-2016-4009

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow...

CVSS 9.8, AI score 10, EPSS 0.05263
Exploits: 0, References: 1