CVE-2014-1933
CVE-2014-1933 and related flaws affect Python Imaging Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1, where temporary-file handling and command-line file-name usage enable local and symlink-based attacks (e.g., load_djpeg, EpsImagePlugin.py, IptcImagePlugin.py, Image.py). Root causes inc...
CVE-2014-3007
The CVE-2014-3007 entry concerns Python Imaging Library (PIL) 1.1.7 and earlier and Pillow 2.3, where command injection could occur via shell metacharacters. Description states vulnerable components include PIL/Pillow-related code and mentions CVE-2014-1932 with possible involvement of JpegImageP...
CVE-2016-3076
Summary. CVE-2016-3076 is a heap-based buffer overflow in Pillow’s j2k_encode_entry function, affecting Pillow 2.5.0–3.1.1 and enabling memory corruption/DoS via a crafted JPEG2000 file. Root cause. Heap overflow in j2k_encode_entry. Impact. Denial of service through memory corruption; exploited ...
CVE-2014-3598
CVE-2014-3598 affects the Python Pillow library. The vulnerability is in the Jpeg2KImagePlugin and is exploitable via a crafted image, allowing a denial-of-service condition. It concerns Pillow versions before 2.5.3; upgrading to 2.5.3 or newer mitigates the issue (per linked advisories and CVE r...
CVE-2026-42308
Pillow CVE-2026-42308 describes an integer overflow in font handling that occurs when a glyph advances by an excessively large amount. Affected is Pillow before version 12.2.0; the issue is resolved in 12.2.0. The CVSS vector indicates local, low complexity access with no privileges required and ...
CVE-2026-25990
CVE-2026-25990: Pillow (Python Imaging Library) contains an out-of-bounds write when loading a specially crafted PSD image. Affected versions are 10.3.0 up to before 12.1.1; the issue is fixed in 12.1.1. The provided documents do not specify exploit status or in-the-wild details beyond this fix.
CVE-2026-40192
Pillow (Python Imaging Library) versions 10.3.0–12.1.1 are affected by a FITS-related decompression bomb: unbounded memory consumption from GZIP data during decoding, potentially leading to DoS. A fix is available in Pillow 12.2.0; if upgrading isn’t possible, users should avoid opening FITS imag...
CVE-2026-42310
CVE-2026-42310 affects the Pillow Python imaging library. The vulnerability lies in the PdfParser logic: Pdf trailers’ Prev pointers can reference already-processed offsets, creating a cycle that causes an infinite loop and 100% CPU usage, potentially hanging the process. Affected versions are Pi...
CVE-2026-42309
CVE-2026-42309 affects the Pillow Python imaging library. From 11.2.1 up to 11.2.x before 12.2.0, passing nested lists as coordinates to APIs like ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line could cause a heap-based buffer overflow because nested coordinates were rec...
CVE-2026-42311
CVE-2026-42311 affects the Pillow Python imaging library. From version 10.3.0 up to, but not including, 12.2.0, processing a malicious PSD file can trigger an out-of-bounds/invalid PSD tile extents write, leading to memory corruption with potential crash or arbitrary code execution. The issue has...