7 matches found
CVE-2024-28219
CVE-2024-28219 affects the Pillow Python imaging library. In _imagingcms.c, a buffer overflow was introduced because strcpy was used instead of a safer copy like strncpy, impacting Pillow before version 10.3.0. The issue filename and function indicate a likely overflow related to fixed-length str...
CVE-2022-22816
CVE-2022-22816 affects Pillow’s image path handling. The vulnerability is a buffer over-read in path_getbbox() inside path.c during initialization of ImagePath.Path, present in Pillow versions before 9.0.0. The flaw can allow reading memory outside the intended bounds. The issue is mitigated by u...
CVE-2022-22815
Summary (supported by provided docs): CVE-2022-22815 concerns the Pillow Python imaging library. The issue is in path_getbbox() within path.c where ImagePath.Path is improperly initialized, enabling a buffer over-read/improper initialization that can cause memory access errors or crashes. Connect...
CVE-2021-25292
Pillow (Python Imaging Library fork) prior to 8.1.1 is affected by a vulnerability in its PDF format parser that allows a regular expression DoS (ReDoS) via a crafted PDF file due to a catastrophic backtracking regex. This can impact availability as indicated by the CVSS vector in the CVE entry, ...
CVE-2016-2533
CVE-2016-2533 affects Pillow and PIL prior to versions that fix the ImagingPcdDecode function in PcdDecode.c. A crafted PhotoCD file can cause a remote denial of service (crash) due to a buffer overflow in Pillow before 3.1.1 and PIL 1.1.7 and earlier. In all connected sources, the vulnerability ...
CVE-2016-0775
Pillow (Python Imaging Library fork) contains a buffer overflow in ImagingFliDecode (libImaging/FliDecode.c) that affects versions before 3.1.1. A crafted FLI file can crash the process (DoS) or, per some sources, enable arbitrary code execution in affected contexts. The issue is documented acros...
CVE-2016-0740
Pillow vulnerability CVE-2016-0740: Buffer overflow in ImagingLibTiffDecode (libImaging/TiffDecode.c) allows remote attackers to overwrite memory via a crafted TIFF file. Affected software: Pillow prior to 3.1.1. Impact is memory corruption; exploitation requires processing a malformed TIFF. Reme...