139 matches found
CVE-2025-48379
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...
PYSEC-2025-61
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...
CVE-2025-48379
CVE-2025-48379 (Pillow) Vulnerability: Pillow (Python imaging library) versions 11.2.0 through before 11.3.0 contain a heap buffer overflow when saving large (>64k) images in DDS format, caused by writing into a buffer without checking available space. The issue affects users who save untruste...
CVE-2025-48379
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...
Linux Distros Unpatched Vulnerability : CVE-2014-3589
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PIL/IcnsImagePlugin.py in Python Imaging Library PIL and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a...
RHSA-2020:0898 Red Hat Security Advisory: python-imaging security update
Bulletin has no description...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Pillow vulnerability (USN-6744-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6744-1 advisory. Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC...
USN-6744-2: Pillow vulnerability
USN-6744-1 fixed a vulnerability in Pillow Python 3. This update provides the corresponding updates for Pillow Python 2 in Ubuntu 20.04 LTS. Original advisory details: Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead ...
[SECURITY] Fedora 39 Update: python-pillow-10.3.0-1.fc39
Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...
[SECURITY] [DLA 3768-1] pillow security update
Debian LTS Advisory DLA-3768-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton March 22, 2024 https://wiki.debian.org/LTS Package : pillow Version : 5.4.1-2+deb10u5 CVE ID : CVE-2021-23437 CVE-2022-22817 CVE-2023-44271 Multiple vulnerabilities were discovered in the...
CVE-2023-50447
A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter. Mitigation Mitigation for this issue is either not available or the currently available options...
UBUNTU-CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
Amazon Linux AMI : python-imaging (ALAS-2023-1787)
It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1787 advisory. Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the crafted image file approach, related to an Insecure Sign Extension issue affecting the ImagingNew in Storage.c...
Medium: python-imaging
Issue Overview: Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. CVE-2016-9190 Affected Packages: python-imaging Issue...
Debian: Security Advisory (DLA-705-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-41-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-422-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2014-1932
The 1 loaddjpeg function in JpegImagePlugin.py, 2 Ghostscript function in EpsImagePlugin.py, 3 load function in IptcImagePlugin.py, and 4 copy function in Image.py in Python Image Library PIL 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users...
SUSE CVE-2014-1933
The 1 JpegImagePlugin.py and 2 EpsImagePlugin.py scripts in Python Image Library PIL 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes...
SUSE CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library PIL and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size...