Lucene search
K
PythonPillow

7 matches found

CVE
CVE
β€’added 2024/01/19 12:0 a.m.β€’527 views

CVE-2023-50447

Summary: CVE-2023-50447 affects Pillow up to 10.1.0, enabling Arbitrary Code Execution via the environment parameter in PIL.ImageMath.eval. This is a separate issue from CVE-2022-22817 (expression parameter). What’s affected: Pillow library in Python projects (Pillow versions up to 10.1.0). Root ...

8.1CVSS9AI score0.01703EPSS
CVE
CVE
β€’added 2020/01/03 12:52 a.m.β€’303 views

CVE-2020-5310

CVE-2020-5310 affects Pillow’s TIFF decoding path, specifically libImaging/TiffDecode.c. The root cause is a TIFF decoding integer overflow tied to memory reallocation (realloc), exposing Pillow versions prior to 6.2.2 to potential crash or compromise when processing crafted TIFF images. Affected...

8.8CVSS8.8AI score0.01975EPSS
CVE
CVE
β€’added 2021/01/12 8:6 a.m.β€’222 views

CVE-2020-35654

Pillow CVE-2020-35654 affects TiffDecode: heap-based buffer overflow when decoding crafted YCbCr files due to interpretation conflicts with LibTIFF in RGBA mode. Affected versions are Pillow before 8.1.0 (and related notes indicate an incomplete fix extending to 8.1.1 per downstream advisories). ...

8.8CVSS9.2AI score0.01789EPSS
CVE
CVE
β€’added 2020/06/25 6:32 p.m.β€’148 views

CVE-2020-11538

CVE-2020-11538 affects Pillow up to 7.0.0, with out-of-bounds reads in SGI image parsing (libImaging/SgiRleDecode.c). Connected sources confirm Pillow as the impacted product and outline the vulnerability class, but do not provide exploit details. The fix is in Pillow 7.1.0 and later; remediation...

8.1CVSS8.7AI score0.02514EPSS
CVE
CVE
β€’added 2026/02/11 8:53 p.m.β€’65 views

CVE-2026-25990

CVE-2026-25990 : Pillow (Python Imaging Library) contains an out-of-bounds write when loading a specially crafted PSD image. Affected versions are 10.3.0 up to before 12.1.1; the issue is fixed in 12.1.1. The provided documents do not specify exploit status or in-the-wild details beyond this fix.

8.6CVSS6.4AI score0.00367EPSS
CVE
CVE
β€’added 2026/04/15 10:53 p.m.β€’56 views

CVE-2026-40192

Pillow (Python imaging library) versions 10.3.0–12.1.1 are affected by a FITS-related decompression bomb: unbounded memory consumption from GZIP data during decoding, potentially leading to DoS. A fix is available in Pillow 12.2.0; if upgrading isn’t possible, users should avoid opening FITS imag...

8.7CVSS5.8AI score0.00671EPSS
CVE
CVE
β€’added 2026/05/09 4:11 a.m.β€’24 views

CVE-2026-42311

CVE-2026-42311 affects the Pillow Python imaging library. From version 10.3.0 up to, but not including, 12.2.0, processing a malicious PSD file can trigger an out-of-bounds/invalid PSD tile extents write, leading to memory corruption with potential crash or arbitrary code execution. The issue has...

8.6CVSS6AI score0.0015EPSS