Pillow@* Security Vulnerabilities and Issues — Pillow@* CVE List

Lucene search

PythonPillow*

6 matches found

CVE•added 2016/04/13 4:59 p.m.•167 views

CVE-2016-2533

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

6.5CVSS6.2AI score0.02195EPSS

CVE•added 2016/04/13 4:59 p.m.•126 views

CVE-2016-0775

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

6.5CVSS6.2AI score0.01369EPSS

CVE•added 2016/11/04 10:59 a.m.•126 views

CVE-2016-9190

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.

7.8CVSS7.9AI score0.00566EPSS

CVE•added 2016/11/04 10:59 a.m.•123 views

CVE-2016-9189

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.

5.5CVSS5.9AI score0.00358EPSS

CVE•added 2016/04/13 4:59 p.m.•118 views

CVE-2016-0740

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

6.5CVSS6.4AI score0.0026EPSS

CVE•added 2016/04/13 4:59 p.m.•89 views

CVE-2016-4009

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

10CVSS8.8AI score0.03498EPSS