Pillow Security Vulnerabilities and Issues — Pillow CVE List

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux run...

7.5CVSS8.2AI score0.00757EPSS

CVE•added 2020/06/25 7:15 p.m.•213 views

CVE-2020-10177

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.

5.5CVSS6.3AI score0.00282EPSS

CVE•added 2020/06/25 7:15 p.m.•122 views

CVE-2020-11538

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.

8.1CVSS8.7AI score0.01063EPSS

CVE•added 2020/06/25 7:15 p.m.•113 views

CVE-2020-10378

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

5.5CVSS6.2AI score0.00243EPSS

CVE•added 2020/06/25 7:15 p.m.•110 views

CVE-2020-10379

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.

7.8CVSS7.6AI score0.00324EPSS

CVE•added 2020/06/25 7:15 p.m.•105 views

CVE-2020-10994

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.

5.5CVSS6.1AI score0.00391EPSS