Lucene search
+L
PythonPillow

9 matches found

CVE
CVE
added 2022/01/07 12:0 a.m.894 views

CVE-2022-22817

CVE-2022-22817 affects Pillow’s PIL.ImageMath.eval before 9.0.0, enabling evaluation of arbitrary expressions (including code execution) via the expression parameter; a workaround/change was introduced in Pillow 9.0.0 to restrict builtins. Upgrading to 9.0.0+ (per Pillow release notes) is the adv...

9.8CVSS8.9AI score0.03399EPSS
CVE
CVE
added 2021/07/13 12:0 a.m.383 views

CVE-2021-34552

Pillow (Python Imaging Library) vulnerability CVE-2021-34552: Buffer overflow in Convert.c when passing controlled parameters to convert(), affecting Pillow <= 8.2.0 and PIL

9.8CVSS9.6AI score0.03162EPSS
CVE
CVE
added 2020/01/03 12:52 a.m.364 views

CVE-2020-5312

CVE-2020-5312 is a Pillow vulnerability where libImaging/PcxDecode.c may overflow the PCX P mode buffer in Pillow versions before 6.2.2. The issue arises during decoding PCX images and could impact memory handling in affected builds. Public advisories and release notes indicate upgrading Pillow t...

9.8CVSS9.4AI score0.0369EPSS
CVE
CVE
added 2020/01/03 12:52 a.m.346 views

CVE-2020-5311

Pillow’s vulnerability CVE-2020-5311 affects the libImaging/SgiRleDecode.c path and is triggered by an SGI buffer overflow in Pillow versions before 6.2.2. The issue is in the SGI image parsing code, not in a user-provided input path description; impact is partial to high depending on exposure of...

9.8CVSS8.8AI score0.04212EPSS
CVE
CVE
added 2021/03/19 3:29 a.m.249 views

CVE-2021-25289

CVE-2021-25289 affects Pillow before 8.1.1. The issue is a heap-based buffer overflow in TiffDecode when decoding crafted YCbCr files, triggered by interpretation conflicts with LibTIFF in RGBA mode. This stems from an incomplete fix for CVE-2020-35654. The CVE is documented with high severity (C...

9.8CVSS9.4AI score0.02281EPSS
CVE
CVE
added 2021/06/02 3:13 p.m.229 views

CVE-2021-25287

Pillow CVE-2021-25287 affects the Python Pillow library prior to 8.2.0, with an out-of-bounds read in J2kDecode (function: j2ku_graya_la). The related CVE-2021-25288 affects J2kDecode in j2ku_gray_i. Public advisories and CNVD entries corroborate the out-of-bounds read in these JPEG 2000 decoding...

9.1CVSS8.9AI score0.02876EPSS
CVE
CVE
added 2022/03/28 12:0 a.m.219 views

CVE-2022-24303

Pillow (Python Imaging Library fork) is affected by CVE-2022-24303. The vulnerability arises in Pillow’s handling of spaces in temporary pathnames, enabling an attacker to delete files through path traversal-like behavior. This impacts Pillow versions before 9.0.1. The documented consequence is f...

9.1CVSS8.9AI score0.02811EPSS
CVE
CVE
added 2021/06/02 3:13 p.m.210 views

CVE-2021-25288

Pillow CVE-2021-25288 is an out-of-bounds read vulnerability in the J2kDecode path (j2ku_gray_i) affecting Pillow before 8.2.0. Multiple sources confirm the flaw; remediation is to upgrade to Pillow 8.2.0 or later. Exploitation details are not provided in the supplied documents.

9.1CVSS8.9AI score0.02876EPSS
CVE
CVE
added 2022/05/25 11:46 a.m.123 views

CVE-2022-30595

CVE-2022-30595 affects Pillow (Python Pillow library) v9.1.0, where libImaging/TgaRleDecode.c can trigger a heap-based buffer overflow when processing invalid TGA files. This is caused by improper handling in TgaRleDecode, with some sources describing potential remote code execution if exploited....

9.8CVSS9.5AI score0.01923EPSS