14 matches found
CVE-2020-35655
Pillow (before 8.1.0) contains a vulnerability in SGIRleDecode: a 4‑byte buffer over-read while decoding crafted SGI RLE images caused by mishandled offsets and length tables.
CVE-2020-10177
CVE-2020-10177 affects Pillow prior to 7.1.0, with multiple out-of-bounds reads in libImaging/FliDecode.c. Technical details across connected advisories confirm affected package is python-pillow and fixes are provided in Pillow 7.1.0+ (e.g., ALAS-2024-2648, ALAS2 advisories; Mageia notes referenc...
CVE-2021-28675
The CVE-2021-28675 issue affects Pillow (before 8.2.0). PSDImagePlugin.PsdImageFile does not perform a sanity check on the number of input layers relative to the data block size, enabling a potential Denial of Service when opening images with Image.open (prior to Image.load). Connected documents ...
CVE-2021-28678
CVE-2021-28678 affects Pillow prior to 8.2.0, where the BlpImagePlugin for BLP data failed to properly validate reads after seeking to file offsets. This can allow a denial-of-service by repeatedly decoding on empty data. Root cause: insufficient checks on data returned by reads in BlpImagePlugin...
CVE-2016-9189
CVE-2016-9189 concerns Pillow (Python Imaging Library fork). Affected: Pillow versions before 3.3.2. Root cause: integer overflow in Image.core.map_buffer within map.c that can be exploited via crafted image files. Impact: information disclosure (partial confidentiality) per CVSS data; local expl...
CVE-2020-10378
In Pillow, CVE-2020-10378 is an out-of-bounds read in the PCX decoding path. Specifically, in libImaging/PcxDecode.c, when reading PCX files, state->shuffle may be instructed to read beyond state->buffer, enabling an out-of-bounds access. This vulnerability is documented for Pillow releases...
CVE-2020-10994
CVE-2020-10994 affects Pillow, specifically in libImaging/Jpeg2KDecode.c. The vulnerability consists of multiple out-of-bounds reads when decoding JP2 files, as described in the CVE entry and corroborated by connected advisories. Affected versions are Pillow before 7.1.0; remediation is to upgrad...
CVE-2014-9601
CVE-2014-9601 affects the Pillow library (Python Imaging Library) prior to 2.7.0. A crafted PNG image containing a large compressed text chunk can cause a denial of service when decompressed, due to resource exhaustion. The connected advisories and entries (e.g., Pillow 2.7.0 release notes and re...
CVE-2014-3589
CVE-2014-3589 affects PIL/Pillow’s IcnsImagePlugin.py: Pillow and PIL before 2.3.2 and 2.5.x before 2.5.2 are vulnerable to a denial-of-service via a crafted block size. The root cause is an issue in image handling that allows remote attackers to trigger resource exhaustion. Affected products inc...
CVE-2016-3076
Summary. CVE-2016-3076 is a heap-based buffer overflow in Pillow’s j2k_encode_entry function, affecting Pillow 2.5.0–3.1.1 and enabling memory corruption/DoS via a crafted JPEG2000 file. Root cause. Heap overflow in j2k_encode_entry. Impact. Denial of service through memory corruption; exploited ...
CVE-2026-42308
Pillow CVE-2026-42308 describes an integer overflow in font handling that occurs when a glyph advances by an excessively large amount. Affected is Pillow before version 12.2.0; the issue is resolved in 12.2.0. The CVSS vector indicates local, low complexity access with no privileges required and ...
CVE-2026-42310
CVE-2026-42310 affects the Pillow Python imaging library. The vulnerability lies in the PdfParser logic: Pdf trailers’ Prev pointers can reference already-processed offsets, creating a cycle that causes an infinite loop and 100% CPU usage, potentially hanging the process. Affected versions are Pi...
CVE-2014-3598
CVE-2014-3598 affects the Python Pillow library. The vulnerability is in the Jpeg2KImagePlugin and is exploitable via a crafted image, allowing a denial-of-service condition. It concerns Pillow versions before 2.5.3; upgrading to 2.5.3 or newer mitigates the issue (per linked advisories and CVE r...
CVE-2026-42309
CVE-2026-42309 affects the Pillow Python imaging library. From 11.2.1 up to 11.2.x before 12.2.0, passing nested lists as coordinates to APIs like ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line could cause a heap-based buffer overflow because nested coordinates were rec...