Lucene search
K
PythonPillow

7 matches found

CVE
CVE
added 2024/04/03 12:0 a.m.430 views

CVE-2024-28219

CVE-2024-28219 affects the Pillow Python imaging library. In _imagingcms.c, a buffer overflow was introduced because strcpy was used instead of a safer copy like strncpy, impacting Pillow before version 10.3.0. The issue filename and function indicate a likely overflow related to fixed-length str...

6.7CVSS6.8AI score0.00989EPSS
CVE
CVE
added 2022/01/07 12:0 a.m.294 views

CVE-2022-22816

CVE-2022-22816 affects Pillow’s image path handling. The vulnerability is a buffer over-read in path_getbbox() inside path.c during initialization of ImagePath.Path, present in Pillow versions before 9.0.0. The flaw can allow reading memory outside the intended bounds. The issue is mitigated by u...

6.5CVSS7.9AI score0.01957EPSS
CVE
CVE
added 2022/01/07 12:0 a.m.292 views

CVE-2022-22815

Summary (supported by provided docs): CVE-2022-22815 concerns the Pillow Python imaging library. The issue is in path_getbbox() within path.c where ImagePath.Path is improperly initialized, enabling a buffer over-read/improper initialization that can cause memory access errors or crashes. Connect...

6.5CVSS7.7AI score0.02556EPSS
CVE
CVE
added 2021/03/19 3:30 a.m.287 views

CVE-2021-25292

Pillow (Python Imaging Library fork) prior to 8.1.1 is affected by a vulnerability in its PDF format parser that allows a regular expression DoS (ReDoS) via a crafted PDF file due to a catastrophic backtracking regex. This can impact availability as indicated by the CVSS vector in the CVE entry, ...

6.5CVSS7.4AI score0.01635EPSS
CVE
CVE
added 2016/04/13 4:0 p.m.189 views

CVE-2016-2533

CVE-2016-2533 affects Pillow and PIL prior to versions that fix the ImagingPcdDecode function in PcdDecode.c. A crafted PhotoCD file can cause a remote denial of service (crash) due to a buffer overflow in Pillow before 3.1.1 and PIL 1.1.7 and earlier. In all connected sources, the vulnerability ...

6.5CVSS6.2AI score0.03998EPSS
CVE
CVE
added 2016/04/13 4:0 p.m.156 views

CVE-2016-0775

Pillow (Python Imaging Library fork) contains a buffer overflow in ImagingFliDecode (libImaging/FliDecode.c) that affects versions before 3.1.1. A crafted FLI file can crash the process (DoS) or, per some sources, enable arbitrary code execution in affected contexts. The issue is documented acros...

6.5CVSS6.2AI score0.02689EPSS
CVE
CVE
added 2016/04/13 4:0 p.m.136 views

CVE-2016-0740

Pillow vulnerability CVE-2016-0740: Buffer overflow in ImagingLibTiffDecode (libImaging/TiffDecode.c) allows remote attackers to overwrite memory via a crafted TIFF file. Affected software: Pillow prior to 3.1.1. Impact is memory corruption; exploitation requires processing a malformed TIFF. Reme...

6.5CVSS6.4AI score0.0236EPSS