Astra Linux – Vulnerability in pillow

In Pillow before 8.1.0, PcxDecode has a buffer over-reading issue when decoding a crafted PCX file, because the user-supplied stride value is trusted for buffer calculations...

Astra Linux – Vulnerability in pillow

A issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c...

Astra Linux – Vulnerability in pillow

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files, due to improper handling of offset and length tables...

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192

Summary IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40192 DESCRIPTION: Pillow is a Python imaging...

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

Security Bulletin: IBM Edge Data Collector uses pillow-12.1.1-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-40192

Summary IBM Edge Data Collector Component uses pillow-12.1.1-cp314-cp314-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-40192. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-40192 DESCRIPTION: Pillow is a Python imagi...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-016601)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016601 advisory. pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. Tenable has extracted the preceding description block...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-016594)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016594 advisory. pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. Tenable has extracted the preceding description block directly from the Unity Lin...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-016600)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016600 advisory. Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. Tenable has extracted the preceding description block directly from the Unity Linux security...

Astra Linux - уязвимость в pillow

In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for a BLP container. As a result, a memory allocation attempt can be quite large...

Astra Linux – Vulnerability in pillow

A issue was discovered in Pillow prior to version 10.0.0. It is a denial-of-service attack where memory is uncontrollably allocated to processing a given task, potentially causing a service to crash due to running out of memory. This occurs for truetype in ImageFont when textlength in an ImageDra...

Astra Linux - уязвимость в pillow

A issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...

SUSE CVE-2026-42309

Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...

Linux Distros Unpatched Vulnerability : CVE-2026-42309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as...

CVE-2026-42310

A flaw was found in Pillow, a Python imaging library. A remote attacker could supply a specially crafted malicious PDF file, causing the application to hang indefinitely and consume 100% CPU. This vulnerability leads to a Denial of Service DoS, making the application unresponsive...

BIT-PILLOW-2026-42309 Pillow: Heap buffer overflow with nested list coordinates

Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017471 advisory. The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function. Tenable has extracted the preceding...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017483)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017483 advisory. Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for an IC...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017481)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017481 advisory. Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for a BLP...