Lucene search
K
PythonPillow

23 matches found

CVE
CVE
added 2019/10/04 9:9 p.m.435 views

CVE-2019-16865

Pillow CVE-2019-16865 affects Pillow

7.5CVSS8.2AI score0.03154EPSS
CVE
CVE
added 2021/03/19 3:29 a.m.372 views

CVE-2021-25290

Pillow up to version 8.1.1 contains a vulnerability in the TIFF image reader: a negative-offset memcpy with an invalid size in TiffDecode.c. This can lead to memory corruption. The issue is documented as CVE-2021-25290 and is referenced in multiple advisories (e.g., Debian, AlmaLinux, Amazon Linu...

7.5CVSS8.3AI score0.02372EPSS
CVE
CVE
added 2020/01/03 12:52 a.m.357 views

CVE-2020-5313

Pillow (libImaging/FliDecode.c) has an FLI buffer overflow in versions before 6.2.2. Affected: Pillow/Python imaging library; root cause is an FLI decode buffer overflow. Impact is described as overflow in loading FLI images. Remediation: upgrade to Pillow 6.2.2 or later (per the CVE entry and ve...

7.1CVSS8.1AI score0.02752EPSS
CVE
CVE
added 2021/01/12 8:2 a.m.328 views

CVE-2020-35653

CVE-2020-35653 affects Pillow up to version 8.0.x, where the PCX decoder (PcxDecode) may trigger a buffer over-read when processing a crafted PCX file because the user-supplied stride is trusted for buffer calculations. The issue is documented across multiple adapters (e.g., Debian, Arch, AlmaLin...

7.1CVSS7.7AI score0.01498EPSS
CVE
CVE
added 2021/03/03 8:41 a.m.294 views

CVE-2021-27922

Pillow vulnerability CVE-2021-27922: Pillow before 8.1.2 can trigger excessive memory allocation when processing ICNS containers because the reported image size isn’t properly checked. This memory DoS is the explicit impact described in multiple sources (e.g., Astra Linux advisory referencing Pil...

7.5CVSS7.3AI score0.04851EPSS
CVE
CVE
added 2021/03/19 3:30 a.m.293 views

CVE-2021-25293

The CVE-2021-25293 issue is in Pillow prior to 8.1.1, caused by an out-of-bounds read in SGIRleDecode.c. Affected: Pillow up to version 8.1.1. Impact: information about the exact impact is described in the CVE entry; the connected documents confirm the vulnerability. Remediation: upgrade Pillow t...

7.5CVSS8.2AI score0.01601EPSS
CVE
CVE
added 2021/03/19 3:30 a.m.285 views

CVE-2021-25291

Pillow before 8.1.1 is affected by an out-of-bounds read in TiffDecode.c (TiffreadRGBATile) due to invalid tile boundaries. Root cause: boundary handling in TiffreadRGBATile as reported for CVE-2021-25291. According to linked advisories and release notes, remediation is to upgrade to Pillow 8.1.1...

7.5CVSS8.2AI score0.01425EPSS
CVE
CVE
added 2021/03/03 8:41 a.m.273 views

CVE-2021-27921

CVE-2021-27921 concerns Pillow (Python Imaging Library). Affected: Pillow up to 8.1.1/8.1.2 before 8.1.2. Issue: memory-allocating DoS due to the reported size of a contained image not being properly checked for BLP containers, allowing a very large allocation. Impact: potential denial of service...

7.5CVSS6.7AI score0.0317EPSS
CVE
CVE
added 2021/03/03 8:41 a.m.267 views

CVE-2021-27923

CVE-2021-27923 affects Pillow up to 8.1.1. It causes a denial-of-service via memory exhaustion because the reported size of a contained image is not properly checked for an ICO container, potentially triggering a very large memory allocation. Root cause: inadequate validation of ICO container ima...

7.5CVSS7.3AI score0.03071EPSS
CVE
CVE
added 2021/09/03 4:10 p.m.256 views

CVE-2021-23437

CVE-2021-23437 affects Pillow (Python Imaging Library): the getrgb function is vulnerable to a regular expression denial-of-service (ReDoS). Affected versions include 5.2.0 and earlier than 8.3.2. The issue can cause partial availability impact. The CVSS base score is 7.5 (HIGH) per NVD. Remediat...

7.5CVSS7.5AI score0.03154EPSS
CVE
CVE
added 2020/01/05 9:57 p.m.253 views

CVE-2019-19911

Summary (CVE-2019-19911) : Pillow before 6.2.2 contains a DoS vulnerability in FpxImagePlugin.py where range() is applied to an unvalidated 32‑bit integer when the number of bands is large. On 32‑bit Windows Python this can trigger OverflowError or MemoryError due to the 2 GB limit; on 64‑bit Lin...

7.5CVSS8.2AI score0.02118EPSS
CVE
CVE
added 2021/06/02 3:18 p.m.216 views

CVE-2021-28677

CVE-2021-28677 affects Pillow before 8.2.0. The EPSImageFile.readline implementation mishandles line endings (combination of \r and \n) using a quadratic accumulation method, enabling a DoS during the open phase before an image is opened. Connected sources reference Pillow’s fix in 8.2.0 and note...

7.5CVSS8.1AI score0.02293EPSS
CVE
CVE
added 2023/11/03 12:0 a.m.215 views

CVE-2023-44271

CVE-2023-44271 affects Pillow prior to 10.0.0, causing Denial of Service via uncontrolled memory allocation when using long text inputs in ImageDraw.textlength for truetype fonts. Multiple advisories (Debian, AlmaLinux/ALAS, Amazon Linux, CentOS/RHEL, Fedora) reference this vulnerability and reco...

7.5CVSS7.3AI score0.01038EPSS
CVE
CVE
added 2021/06/02 12:0 a.m.214 views

CVE-2021-28676

CVE-2021-28676 affects Pillow prior to 8.2.0. The flaw is in FLI data handling where FliDecode did not properly check that the block advance is non-zero, which can lead to an infinite loop while loading. This is documented across multiple sources (e.g., Pillow release notes, advisories) as a load...

7.5CVSS8.1AI score0.02453EPSS
CVE
CVE
added 2016/11/04 10:0 a.m.142 views

CVE-2016-9190

Pillow (Python Imaging Library) prior to version 3.3.2 is affected by CVE-2016-9190. The bug arises from an Insecure Sign Extension issue in ImagingNew within Storage.c, enabling context-dependent attackers to achieve arbitrary code execution via a crafted image file. Affected versions are Pillow...

7.8CVSS7.9AI score0.02026EPSS
CVE
CVE
added 2025/07/01 6:33 p.m.133 views

CVE-2025-48379

CVE-2025-48379 (Pillow) Vulnerability: Pillow (Python imaging library) versions 11.2.0 through before 11.3.0 contain a heap buffer overflow when saving large (>64k) images in DDS format, caused by writing into a buffer without checking available space. The issue affects users who save untruste...

7.1CVSS7.7AI score0.00259EPSS
CVE
CVE
added 2020/06/25 6:24 p.m.131 views

CVE-2020-10379

Summary: CVE-2020-10379 affects Pillow prior to 7.1.0, with two Buffer Overflows in libImaging/TiffDecode.c. This is documented in the CVE as a vulnerability with partial confidentiality, integrity, and availability impact (CVSS v3.1: 7.8, LOCAL, UI REQUIRED; CVSS v2: 6.8). The initial descriptio...

7.8CVSS7.6AI score0.01129EPSS
CVE
CVE
added 2022/11/14 12:0 a.m.128 views

CVE-2022-45198

CVE-2022-45198 affects Pillow up to version 9.2.0, where improper handling of highly compressed GIF data (Data Amplification) can cause abnormal resource usage. Public sources confirm Pillow prior to 9.2.0 is vulnerable; advisories reference upgrades to mitigate. Debian LTS notes Pillow updates (...

7.5CVSS7.4AI score0.01184EPSS
CVE
CVE
added 2022/11/14 12:0 a.m.126 views

CVE-2022-45199

CVE-2022-45199 affects the Python Pillow library. According to connected sources, Pillow versions before 9.3.0 are vulnerable to denial of service via the SAMPLESPERPIXEL pathway, with exploitation potentially impacting availability. The CVE is associated with a base score of 7.5 ( HIGH ) under N...

7.5CVSS7.2AI score0.01102EPSS
CVE
CVE
added last week20 views

CVE-2026-54059

Pillow (Python imaging library) contains CVE-2026-54059. The vulnerability affects PcfFontFile._load_bitmaps(), which reads glyph dimensions from the PCF METRICS section and passes them to Image.frombytes() without calling Image._decompression_bomb_check(). This can lead to excessive memory alloc...

7.5CVSS6AI score0.00354EPSS
CVE
CVE
added last week18 views

CVE-2026-55380

Pillow (Python imaging library) vulnerability: Prior to 12.3.0, in GdImageFile._open(), image dimensions were read from the GD 2.x header and stored in self._size without invoking Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation. Impact: potent...

7.5CVSS6AI score0.00361EPSS
CVE
CVE
added last week17 views

CVE-2026-55379

Pillow (Python imaging library) is affected by CVE-2026-55379. In older releases, PIL/BdfFontFile.py:bdf_char() read BBX width/height from a BDF font and passed attacker-controlled values to Image.new() without invoking Image._decompression_bomb_check(), bypassing the library’s decompression bomb...

7.5CVSS6AI score0.00364EPSS
CVE
CVE
added last week14 views

CVE-2026-54060

The issue affects Pillow (Python imaging library). In FontFile.compile(), per-glyph images were assembled into a single bitmap using Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), enabling an attacker to trigger excessive memory allocation during conversion or s...

7.5CVSS6AI score0.00361EPSS