Pillow Security Vulnerabilities and Issues — Pillow CVE List

Lucene search

PythonPillow

7 matches found

CVE•added 2022/01/10 2:12 p.m.•828 views

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

9.8CVSS8.9AI score0.02548EPSS

CVE•added 2022/01/10 2:12 p.m.•249 views

CVE-2022-22816

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

6.5CVSS7.9AI score0.00149EPSS

CVE•added 2022/01/10 2:12 p.m.•244 views

CVE-2022-22815

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

6.5CVSS7.7AI score0.00095EPSS

CVE•added 2022/03/28 2:15 a.m.•181 views

CVE-2022-24303

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

9.1CVSS8.9AI score0.00496EPSS

CVE•added 2022/11/14 7:15 a.m.•100 views

CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

7.5CVSS7.4AI score0.00123EPSS

CVE•added 2022/11/14 7:15 a.m.•99 views

CVE-2022-45199

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

7.5CVSS7.2AI score0.0013EPSS

CVE•added 2022/05/25 12:15 p.m.•98 views

CVE-2022-30595

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

9.8CVSS9.5AI score0.03569EPSS