Lucene search

Python Pillow

11 matches found

added 2021/01/12 9:15 a.m. | 224 views

CVE-2020-35655

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

5.8 CVSS | 6.8 AI score | 0.00504 EPSS

added 2020/06/25 7:15 p.m. | 213 views

CVE-2020-10177

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.

5.5 CVSS | 6.3 AI score | 0.00282 EPSS

added 2021/06/02 3:15 p.m. | 163 views

CVE-2021-28675

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.

5.5 CVSS | 6.8 AI score | 0.00088 EPSS

added 2021/06/02 4:15 p.m. | 161 views

CVE-2021-28678

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

5.5 CVSS | 6.8 AI score | 0.00084 EPSS

added 2016/11/04 10:59 a.m. | 123 views

CVE-2016-9189

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.

5.5 CVSS | 5.9 AI score | 0.00358 EPSS

added 2020/06/25 7:15 p.m. | 113 views

CVE-2020-10378

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

5.5 CVSS | 6.2 AI score | 0.00243 EPSS

added 2020/06/25 7:15 p.m. | 105 views

CVE-2020-10994

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.

5.5 CVSS | 6.1 AI score | 0.00391 EPSS

added 2015/01/16 4:59 p.m. | 84 views

CVE-2014-9601

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

5 CVSS | 6.2 AI score | 0.01079 EPSS

added 2014/08/25 2:55 p.m. | 83 views

CVE-2014-3589

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

5 CVSS | 6.4 AI score | 0.01611 EPSS

added 2017/04/24 6:59 p.m. | 58 views

CVE-2016-3076

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

5.5 CVSS | 5.3 AI score | 0.00457 EPSS

added 2015/05/01 3:59 p.m. | 38 views

CVE-2014-3598

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

5 CVSS | 6.5 AI score | 0.00403 EPSS