Lucene search
K
PythonPillow

65 matches found

CVE
CVE
added 2014/04/17 2:0 p.m.95 views

CVE-2014-1933

CVE-2014-1933 and related flaws affect Python Imaging Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1, where temporary-file handling and command-line file-name usage enable local and symlink-based attacks (e.g., load_djpeg, EpsImagePlugin.py, IptcImagePlugin.py, Image.py). Root causes inc...

2.1CVSS7.3AI score0.00448EPSS
CVE
CVE
added 2014/04/27 8:0 p.m.80 views

CVE-2014-3007

The CVE-2014-3007 entry concerns Python Imaging Library (PIL) 1.1.7 and earlier and Pillow 2.3, where command injection could occur via shell metacharacters. Description states vulnerable components include PIL/Pillow-related code and mentions CVE-2014-1932 with possible involvement of JpegImageP...

10CVSS7.8AI score0.12055EPSS
CVE
CVE
added 2017/04/24 6:0 p.m.74 views

CVE-2016-3076

Summary. CVE-2016-3076 is a heap-based buffer overflow in Pillow’s j2k_encode_entry function, affecting Pillow 2.5.0–3.1.1 and enabling memory corruption/DoS via a crafted JPEG2000 file. Root cause. Heap overflow in j2k_encode_entry. Impact. Denial of service through memory corruption; exploited ...

5.5CVSS5.3AI score0.02561EPSS
CVE
CVE
added 2026/02/11 8:53 p.m.65 views

CVE-2026-25990

CVE-2026-25990 : Pillow (Python Imaging Library) contains an out-of-bounds write when loading a specially crafted PSD image. Affected versions are 10.3.0 up to before 12.1.1; the issue is fixed in 12.1.1. The provided documents do not specify exploit status or in-the-wild details beyond this fix.

8.6CVSS6.4AI score0.00367EPSS
CVE
CVE
added 2026/05/09 4:9 a.m.59 views

CVE-2026-42308

Pillow CVE-2026-42308 describes an integer overflow in font handling that occurs when a glyph advances by an excessively large amount. Affected is Pillow before version 12.2.0; the issue is resolved in 12.2.0. The CVSS vector indicates local, low complexity access with no privileges required and ...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/04/15 10:53 p.m.57 views

CVE-2026-40192

Pillow (Python imaging library) versions 10.3.0–12.1.1 are affected by a FITS-related decompression bomb: unbounded memory consumption from GZIP data during decoding, potentially leading to DoS. A fix is available in Pillow 12.2.0; if upgrading isn’t possible, users should avoid opening FITS imag...

8.7CVSS5.8AI score0.00671EPSS
CVE
CVE
added 2026/05/09 4:10 a.m.55 views

CVE-2026-42310

CVE-2026-42310 affects the Pillow Python imaging library. The vulnerability lies in the PdfParser logic: Pdf trailers’ Prev pointers can reference already-processed offsets, creating a cycle that causes an infinite loop and 100% CPU usage, potentially hanging the process. Affected versions are Pi...

5.5CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2015/05/01 3:0 p.m.54 views

CVE-2014-3598

CVE-2014-3598 affects the Python Pillow library. The vulnerability is in the Jpeg2KImagePlugin and is exploitable via a crafted image, allowing a denial-of-service condition. It concerns Pillow versions before 2.5.3; upgrading to 2.5.3 or newer mitigates the issue (per linked advisories and CVE r...

5CVSS6.5AI score0.01991EPSS
CVE
CVE
added 2026/05/09 4:8 a.m.25 views

CVE-2026-42309

CVE-2026-42309 affects the Pillow Python imaging library. From 11.2.1 up to 11.2.x before 12.2.0, passing nested lists as coordinates to APIs like ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line could cause a heap-based buffer overflow because nested coordinates were rec...

5.5CVSS5.8AI score0.00133EPSS
CVE
CVE
added 2026/05/09 4:11 a.m.24 views

CVE-2026-42311

CVE-2026-42311 affects the Pillow Python imaging library. From version 10.3.0 up to, but not including, 12.2.0, processing a malicious PSD file can trigger an out-of-bounds/invalid PSD tile extents write, leading to memory corruption with potential crash or arbitrary code execution. The issue has...

8.6CVSS6AI score0.0015EPSS
CVE
CVE
added 2026/07/06 6:46 p.m.22 views

CVE-2026-54059

Pillow (Python imaging library) contains CVE-2026-54059. The vulnerability affects PcfFontFile._load_bitmaps(), which reads glyph dimensions from the PCF METRICS section and passes them to Image.frombytes() without calling Image._decompression_bomb_check(). This can lead to excessive memory alloc...

7.5CVSS6AI score0.00354EPSS
CVE
CVE
added 2026/07/06 6:50 p.m.18 views

CVE-2026-55380

Pillow (Python imaging library) vulnerability: Prior to 12.3.0, in GdImageFile._open(), image dimensions were read from the GD 2.x header and stored in self._size without invoking Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation. Impact: potent...

7.5CVSS6AI score0.00361EPSS
CVE
CVE
added 2026/07/06 6:52 p.m.17 views

CVE-2026-55379

Pillow (Python imaging library) is affected by CVE-2026-55379. In older releases, PIL/BdfFontFile.py:bdf_char() read BBX width/height from a BDF font and passed attacker-controlled values to Image.new() without invoking Image._decompression_bomb_check(), bypassing the library’s decompression bomb...

7.5CVSS6AI score0.00364EPSS
CVE
CVE
added 2026/07/06 6:49 p.m.14 views

CVE-2026-54060

The issue affects Pillow (Python imaging library). In FontFile.compile(), per-glyph images were assembled into a single bitmap using Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), enabling an attacker to trigger excessive memory allocation during conversion or s...

7.5CVSS6AI score0.00361EPSS
CVE
CVE
added 2026/07/06 6:44 p.m.13 views

CVE-2026-55798

Pillow vulnerability CVE-2026-55798 affects WindowsViewer.get_command() in Pillow prior to 12.3.0. It builds a shell command by unescaped file path injected into an f-string and passes it to subprocess.Popen(..., shell=True), enabling injection of arbitrary cmd.exe commands. Impact is limited to ...

4.5CVSS6AI score0.00136EPSS
Total number of security vulnerabilities65