Pillow Security Vulnerabilities and Issues — Pillow CVE List

Lucene search

PythonPillow

7 matches found

CVE•added 2024/04/03 3:15 a.m.•296 views

CVE-2024-28219

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

6.7CVSS6.8AI score0.00095EPSS

CVE•added 2021/03/19 4:15 a.m.•251 views

CVE-2021-25292

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

6.5CVSS7.4AI score0.00162EPSS

CVE•added 2022/01/10 2:12 p.m.•249 views

CVE-2022-22816

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

6.5CVSS7.9AI score0.00149EPSS

CVE•added 2022/01/10 2:12 p.m.•244 views

CVE-2022-22815

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

6.5CVSS7.7AI score0.00095EPSS

CVE•added 2016/04/13 4:59 p.m.•167 views

CVE-2016-2533

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

6.5CVSS6.2AI score0.02207EPSS

CVE•added 2016/04/13 4:59 p.m.•126 views

CVE-2016-0775

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

6.5CVSS6.2AI score0.00598EPSS

CVE•added 2016/04/13 4:59 p.m.•118 views

CVE-2016-0740

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

6.5CVSS6.4AI score0.00262EPSS