Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pillow@5.0.0
Type pypi
Namespace
Name pillow
Version 5.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 12.2.0
Latest_non_vulnerable_version 12.2.0
Affected_by_vulnerabilities
0
url VCID-2gpf-94cu-6fcd
vulnerability_id VCID-2gpf-94cu-6fcd
summary PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
references
0
reference_url https://github.com/advisories/GHSA-8vj2-vxx3-667w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8vj2-vxx3-667w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
4
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
5
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
8
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
9
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
reference_id CVE-2022-22817
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
1
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-vx7b-mwfx-5fg2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gpf-94cu-6fcd
1
url VCID-3gam-zy4w-2ucr
vulnerability_id VCID-3gam-zy4w-2ucr
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
4
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gam-zy4w-2ucr
2
url VCID-4tub-w66m-uyfu
vulnerability_id VCID-4tub-w66m-uyfu
summary Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
references
0
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9hza-srk7-sucy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases PYSEC-2023-175
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tub-w66m-uyfu
3
url VCID-5h45-rcpb-q7bz
vulnerability_id VCID-5h45-rcpb-q7bz
summary An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
references
0
reference_url https://github.com/advisories/GHSA-57h3-9rgr-c24m
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-57h3-9rgr-c24m
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25289, GHSA-57h3-9rgr-c24m, PYSEC-2021-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5h45-rcpb-q7bz
4
url VCID-7hcs-pkze-6ba4
vulnerability_id VCID-7hcs-pkze-6ba4
summary In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
references
0
reference_url https://github.com/advisories/GHSA-hf64-x4gq-p99h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hf64-x4gq-p99h
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7ya3-j9fa-zugj
5
vulnerability VCID-8z6g-5td3-g7ej
6
vulnerability VCID-9hza-srk7-sucy
7
vulnerability VCID-d4dx-wbrv-gqaa
8
vulnerability VCID-dkcx-xcb8-3fgj
9
vulnerability VCID-fq9j-ntxd-t3b3
10
vulnerability VCID-g48w-36yx-tue3
11
vulnerability VCID-gve2-x5zh-gqha
12
vulnerability VCID-htee-x1mv-sfhh
13
vulnerability VCID-prvn-bejg-kufb
14
vulnerability VCID-q8fz-36n2-vfh2
15
vulnerability VCID-qbfa-rky7-juh5
16
vulnerability VCID-qz6s-pjqj-7uet
17
vulnerability VCID-tcda-8txy-7ygn
18
vulnerability VCID-vx7b-mwfx-5fg2
19
vulnerability VCID-wfzw-3x26-tucg
20
vulnerability VCID-wuv4-qn69-zygh
21
vulnerability VCID-x3bz-ehvb-jyfs
22
vulnerability VCID-yk5x-nt2m-5kgy
23
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases CVE-2020-35655, GHSA-hf64-x4gq-p99h, PYSEC-2021-71
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hcs-pkze-6ba4
5
url VCID-7sps-ppua-ubb2
vulnerability_id VCID-7sps-ppua-ubb2
summary libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
references
0
reference_url https://github.com/advisories/GHSA-vcqg-3p29-xw73
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vcqg-3p29-xw73
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-81.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-81.yaml
2
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-81.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-81.yaml
3
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
4
reference_url https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
10
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1
11
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5310
reference_id CVE-2020-5310
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-5310
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2020-5310, GHSA-vcqg-3p29-xw73, PYSEC-2020-81
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7sps-ppua-ubb2
6
url VCID-7v6e-3dxw-aubu
vulnerability_id VCID-7v6e-3dxw-aubu
summary In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
references
0
reference_url https://github.com/advisories/GHSA-f5g8-5qq7-938w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f5g8-5qq7-938w
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7ya3-j9fa-zugj
5
vulnerability VCID-8z6g-5td3-g7ej
6
vulnerability VCID-9hza-srk7-sucy
7
vulnerability VCID-d4dx-wbrv-gqaa
8
vulnerability VCID-dkcx-xcb8-3fgj
9
vulnerability VCID-fq9j-ntxd-t3b3
10
vulnerability VCID-g48w-36yx-tue3
11
vulnerability VCID-gve2-x5zh-gqha
12
vulnerability VCID-htee-x1mv-sfhh
13
vulnerability VCID-prvn-bejg-kufb
14
vulnerability VCID-q8fz-36n2-vfh2
15
vulnerability VCID-qbfa-rky7-juh5
16
vulnerability VCID-qz6s-pjqj-7uet
17
vulnerability VCID-tcda-8txy-7ygn
18
vulnerability VCID-vx7b-mwfx-5fg2
19
vulnerability VCID-wfzw-3x26-tucg
20
vulnerability VCID-wuv4-qn69-zygh
21
vulnerability VCID-x3bz-ehvb-jyfs
22
vulnerability VCID-yk5x-nt2m-5kgy
23
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases CVE-2020-35653, GHSA-f5g8-5qq7-938w, PYSEC-2021-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v6e-3dxw-aubu
7
url VCID-7ya3-j9fa-zugj
vulnerability_id VCID-7ya3-j9fa-zugj
summary arbitrary code execution
references
0
reference_url https://github.com/advisories/GHSA-7534-mm45-c74v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7534-mm45-c74v
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
4
reference_url https://github.com/python-pillow/Pillow/pull/5567
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5567
5
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://security.archlinux.org/ASA-202107-26
reference_id ASA-202107-26
reference_type
scores
url https://security.archlinux.org/ASA-202107-26
14
reference_url https://security.archlinux.org/AVG-2150
reference_id AVG-2150
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2150
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
reference_id CVE-2021-34552
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
fixed_packages
0
url pkg:pypi/pillow@8.3.0
purl pkg:pypi/pillow@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-9hza-srk7-sucy
3
vulnerability VCID-d4dx-wbrv-gqaa
4
vulnerability VCID-dkcx-xcb8-3fgj
5
vulnerability VCID-q8fz-36n2-vfh2
6
vulnerability VCID-vx7b-mwfx-5fg2
7
vulnerability VCID-wfzw-3x26-tucg
8
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.0
aliases CVE-2021-34552, GHSA-7534-mm45-c74v, PYSEC-2021-331
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ya3-j9fa-zugj
8
url VCID-8z6g-5td3-g7ej
vulnerability_id VCID-8z6g-5td3-g7ej
summary An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
references
0
reference_url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25293, GHSA-p43w-g3c5-g5mq, PYSEC-2021-39
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8z6g-5td3-g7ej
9
url VCID-9hza-srk7-sucy
vulnerability_id VCID-9hza-srk7-sucy
summary Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
references
0
reference_url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
1
reference_url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
fixed_packages
0
url pkg:pypi/pillow@12.2.0
purl pkg:pypi/pillow@12.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0
aliases CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hza-srk7-sucy
10
url VCID-9qm6-cbz9-b7c8
vulnerability_id VCID-9qm6-cbz9-b7c8
summary There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
references
0
reference_url https://github.com/advisories/GHSA-5gm3-px64-rw72
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5gm3-px64-rw72
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
2
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
3
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
4
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2019-19911, GHSA-5gm3-px64-rw72, PYSEC-2020-172
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qm6-cbz9-b7c8
11
url VCID-9v9s-wbu3-cqc7
vulnerability_id VCID-9v9s-wbu3-cqc7
summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
references
0
reference_url https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
1
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
2
reference_url https://github.com/python-pillow/Pillow/pull/4503
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4503
3
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
4
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
8
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
9
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-d4dx-wbrv-gqaa
10
vulnerability VCID-dkcx-xcb8-3fgj
11
vulnerability VCID-fq9j-ntxd-t3b3
12
vulnerability VCID-g48w-36yx-tue3
13
vulnerability VCID-gve2-x5zh-gqha
14
vulnerability VCID-htee-x1mv-sfhh
15
vulnerability VCID-kjxw-f4f4-dydb
16
vulnerability VCID-prvn-bejg-kufb
17
vulnerability VCID-q8fz-36n2-vfh2
18
vulnerability VCID-qbfa-rky7-juh5
19
vulnerability VCID-qz6s-pjqj-7uet
20
vulnerability VCID-tcda-8txy-7ygn
21
vulnerability VCID-vx7b-mwfx-5fg2
22
vulnerability VCID-wfzw-3x26-tucg
23
vulnerability VCID-wuv4-qn69-zygh
24
vulnerability VCID-x3bz-ehvb-jyfs
25
vulnerability VCID-yk5x-nt2m-5kgy
26
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases CVE-2020-10177, GHSA-cqhg-xjhh-p8hf, PYSEC-2020-76
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v9s-wbu3-cqc7
12
url VCID-cb58-eehb-j7cv
vulnerability_id VCID-cb58-eehb-j7cv
summary libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0580
2
reference_url https://github.com/advisories/GHSA-r7rm-8j6h-r933
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-r7rm-8j6h-r933
3
reference_url https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
7
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
8
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2020-5311, GHSA-r7rm-8j6h-r933, PYSEC-2020-82
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cb58-eehb-j7cv
13
url VCID-d4dx-wbrv-gqaa
vulnerability_id VCID-d4dx-wbrv-gqaa
summary path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
references
0
reference_url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
4
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
5
reference_url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
6
reference_url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
7
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5920
8
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
10
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
reference_id CVE-2022-22815
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases CVE-2022-22815, GHSA-pw3c-h7wp-cvhx, PYSEC-2022-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4dx-wbrv-gqaa
14
url VCID-dkcx-xcb8-3fgj
vulnerability_id VCID-dkcx-xcb8-3fgj
summary The package pillow from 0 and before 8.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
references
0
reference_url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
4
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
10
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
11
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
reference_id
reference_type
scores
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
reference_id CVE-2021-23437
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
fixed_packages
0
url pkg:pypi/pillow@8.3.2
purl pkg:pypi/pillow@8.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-9hza-srk7-sucy
3
vulnerability VCID-d4dx-wbrv-gqaa
4
vulnerability VCID-q8fz-36n2-vfh2
5
vulnerability VCID-vx7b-mwfx-5fg2
6
vulnerability VCID-wfzw-3x26-tucg
7
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2
aliases CVE-2021-23437, GHSA-98vv-pw6r-q6q4, PYSEC-2021-317, SNYK-PYTHON-PILLOW-1319443
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dkcx-xcb8-3fgj
15
url VCID-fq9j-ntxd-t3b3
vulnerability_id VCID-fq9j-ntxd-t3b3
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
references
0
reference_url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
1
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-25287, GHSA-77gc-v2xv-rvvh, PYSEC-2021-137
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fq9j-ntxd-t3b3
16
url VCID-g48w-36yx-tue3
vulnerability_id VCID-g48w-36yx-tue3
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
4
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g48w-36yx-tue3
17
url VCID-gve2-x5zh-gqha
vulnerability_id VCID-gve2-x5zh-gqha
summary An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
references
0
reference_url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
2
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28675, GHSA-g6rj-rv7j-xwp4, PYSEC-2021-139
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gve2-x5zh-gqha
18
url VCID-htee-x1mv-sfhh
vulnerability_id VCID-htee-x1mv-sfhh
summary An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
references
0
reference_url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
1
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28677, GHSA-q5hq-fp76-qmrc, PYSEC-2021-93
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htee-x1mv-sfhh
19
url VCID-jtq6-eykc-ykbz
vulnerability_id VCID-jtq6-eykc-ykbz
summary In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
references
0
reference_url https://github.com/advisories/GHSA-8843-m7mw-mxqm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8843-m7mw-mxqm
1
reference_url https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
2
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
3
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
7
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-d4dx-wbrv-gqaa
10
vulnerability VCID-dkcx-xcb8-3fgj
11
vulnerability VCID-fq9j-ntxd-t3b3
12
vulnerability VCID-g48w-36yx-tue3
13
vulnerability VCID-gve2-x5zh-gqha
14
vulnerability VCID-htee-x1mv-sfhh
15
vulnerability VCID-kjxw-f4f4-dydb
16
vulnerability VCID-prvn-bejg-kufb
17
vulnerability VCID-q8fz-36n2-vfh2
18
vulnerability VCID-qbfa-rky7-juh5
19
vulnerability VCID-qz6s-pjqj-7uet
20
vulnerability VCID-tcda-8txy-7ygn
21
vulnerability VCID-vx7b-mwfx-5fg2
22
vulnerability VCID-wfzw-3x26-tucg
23
vulnerability VCID-wuv4-qn69-zygh
24
vulnerability VCID-x3bz-ehvb-jyfs
25
vulnerability VCID-yk5x-nt2m-5kgy
26
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases CVE-2020-10379, GHSA-8843-m7mw-mxqm, PYSEC-2020-78
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jtq6-eykc-ykbz
20
url VCID-kjxw-f4f4-dydb
vulnerability_id VCID-kjxw-f4f4-dydb
summary In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
references
0
reference_url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
5
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7ya3-j9fa-zugj
5
vulnerability VCID-8z6g-5td3-g7ej
6
vulnerability VCID-9hza-srk7-sucy
7
vulnerability VCID-d4dx-wbrv-gqaa
8
vulnerability VCID-dkcx-xcb8-3fgj
9
vulnerability VCID-fq9j-ntxd-t3b3
10
vulnerability VCID-g48w-36yx-tue3
11
vulnerability VCID-gve2-x5zh-gqha
12
vulnerability VCID-htee-x1mv-sfhh
13
vulnerability VCID-prvn-bejg-kufb
14
vulnerability VCID-q8fz-36n2-vfh2
15
vulnerability VCID-qbfa-rky7-juh5
16
vulnerability VCID-qz6s-pjqj-7uet
17
vulnerability VCID-tcda-8txy-7ygn
18
vulnerability VCID-vx7b-mwfx-5fg2
19
vulnerability VCID-wfzw-3x26-tucg
20
vulnerability VCID-wuv4-qn69-zygh
21
vulnerability VCID-x3bz-ehvb-jyfs
22
vulnerability VCID-yk5x-nt2m-5kgy
23
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases CVE-2020-35654, GHSA-vqcj-wrf2-7v73, PYSEC-2021-70
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjxw-f4f4-dydb
21
url VCID-mph7-qmm8-1fan
vulnerability_id VCID-mph7-qmm8-1fan
summary libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
references
0
reference_url https://github.com/advisories/GHSA-hj69-c76v-86wr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hj69-c76v-86wr
1
reference_url https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
4
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
5
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
6
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2020-5313, GHSA-hj69-c76v-86wr, PYSEC-2020-84
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mph7-qmm8-1fan
22
url VCID-p66f-cwf8-tfdr
vulnerability_id VCID-p66f-cwf8-tfdr
summary libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://github.com/advisories/GHSA-p49h-hjvm-jg3h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p49h-hjvm-jg3h
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-83.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-83.yaml
8
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-83.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-83.yaml
9
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
10
reference_url https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
16
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1
17
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
18
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5312
reference_id CVE-2020-5312
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-5312
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2020-5312, GHSA-p49h-hjvm-jg3h, PYSEC-2020-83
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p66f-cwf8-tfdr
23
url VCID-prvn-bejg-kufb
vulnerability_id VCID-prvn-bejg-kufb
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
references
0
reference_url https://github.com/advisories/GHSA-rwv7-3v45-hg29
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-rwv7-3v45-hg29
1
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-25288, GHSA-rwv7-3v45-hg29, PYSEC-2021-138
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prvn-bejg-kufb
24
url VCID-q8fz-36n2-vfh2
vulnerability_id VCID-q8fz-36n2-vfh2
summary Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
references
0
reference_url https://github.com/advisories/GHSA-9j59-75qj-795w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-9j59-75qj-795w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
4
reference_url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
5
reference_url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
6
reference_url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
7
reference_url https://github.com/python-pillow/Pillow/pull/3450
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/3450
8
reference_url https://github.com/python-pillow/Pillow/pull/6010
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/6010
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
reference_id CVE-2022-24303
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
fixed_packages
0
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-vx7b-mwfx-5fg2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8fz-36n2-vfh2
25
url VCID-qbfa-rky7-juh5
vulnerability_id VCID-qbfa-rky7-juh5
summary An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
references
0
reference_url https://github.com/advisories/GHSA-7r7m-5h27-29hp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7r7m-5h27-29hp
1
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28676, GHSA-7r7m-5h27-29hp, PYSEC-2021-92
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbfa-rky7-juh5
26
url VCID-qz6s-pjqj-7uet
vulnerability_id VCID-qz6s-pjqj-7uet
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
references
0
reference_url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25290, GHSA-8xjq-8fcg-g5hw, PYSEC-2021-36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qz6s-pjqj-7uet
27
url VCID-t3rz-wf43-a3bf
vulnerability_id VCID-t3rz-wf43-a3bf
summary In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
references
0
reference_url https://github.com/advisories/GHSA-43fq-w8qq-v88h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-43fq-w8qq-v88h
1
reference_url https://github.com/python-pillow/Pillow/pull/4504
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4504
2
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
5
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
7
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
8
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-d4dx-wbrv-gqaa
10
vulnerability VCID-dkcx-xcb8-3fgj
11
vulnerability VCID-fq9j-ntxd-t3b3
12
vulnerability VCID-g48w-36yx-tue3
13
vulnerability VCID-gve2-x5zh-gqha
14
vulnerability VCID-htee-x1mv-sfhh
15
vulnerability VCID-kjxw-f4f4-dydb
16
vulnerability VCID-prvn-bejg-kufb
17
vulnerability VCID-q8fz-36n2-vfh2
18
vulnerability VCID-qbfa-rky7-juh5
19
vulnerability VCID-qz6s-pjqj-7uet
20
vulnerability VCID-tcda-8txy-7ygn
21
vulnerability VCID-vx7b-mwfx-5fg2
22
vulnerability VCID-wfzw-3x26-tucg
23
vulnerability VCID-wuv4-qn69-zygh
24
vulnerability VCID-x3bz-ehvb-jyfs
25
vulnerability VCID-yk5x-nt2m-5kgy
26
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases CVE-2020-11538, GHSA-43fq-w8qq-v88h, PYSEC-2020-80
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t3rz-wf43-a3bf
28
url VCID-tcda-8txy-7ygn
vulnerability_id VCID-tcda-8txy-7ygn
summary An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
references
0
reference_url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
1
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28678, GHSA-hjfx-8p6c-g7gx, PYSEC-2021-94
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcda-8txy-7ygn
29
url VCID-vx7b-mwfx-5fg2
vulnerability_id VCID-vx7b-mwfx-5fg2
summary Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
references
0
reference_url https://bugs.gentoo.org/855683
reference_id
reference_type
scores
url https://bugs.gentoo.org/855683
1
reference_url https://cwe.mitre.org/data/definitions/409.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/409.html
2
reference_url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
3
reference_url https://github.com/python-pillow/Pillow/pull/6402
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/6402
4
reference_url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
fixed_packages
0
url pkg:pypi/pillow@9.2.0
purl pkg:pypi/pillow@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q325-dhha-83b2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0
aliases CVE-2022-45198, PYSEC-2022-42979
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx7b-mwfx-5fg2
30
url VCID-vxtq-wjad-3ue3
vulnerability_id VCID-vxtq-wjad-3ue3
summary An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://github.com/advisories/GHSA-j7mj-748x-7p78
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-j7mj-748x-7p78
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
9
reference_url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
10
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
11
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.0
purl pkg:pypi/pillow@6.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7sps-ppua-ubb2
6
vulnerability VCID-7v6e-3dxw-aubu
7
vulnerability VCID-7ya3-j9fa-zugj
8
vulnerability VCID-8z6g-5td3-g7ej
9
vulnerability VCID-9hza-srk7-sucy
10
vulnerability VCID-9qm6-cbz9-b7c8
11
vulnerability VCID-9v9s-wbu3-cqc7
12
vulnerability VCID-cb58-eehb-j7cv
13
vulnerability VCID-d4dx-wbrv-gqaa
14
vulnerability VCID-dkcx-xcb8-3fgj
15
vulnerability VCID-fq9j-ntxd-t3b3
16
vulnerability VCID-g48w-36yx-tue3
17
vulnerability VCID-gve2-x5zh-gqha
18
vulnerability VCID-htee-x1mv-sfhh
19
vulnerability VCID-jtq6-eykc-ykbz
20
vulnerability VCID-kjxw-f4f4-dydb
21
vulnerability VCID-mph7-qmm8-1fan
22
vulnerability VCID-p66f-cwf8-tfdr
23
vulnerability VCID-prvn-bejg-kufb
24
vulnerability VCID-q8fz-36n2-vfh2
25
vulnerability VCID-qbfa-rky7-juh5
26
vulnerability VCID-qz6s-pjqj-7uet
27
vulnerability VCID-t3rz-wf43-a3bf
28
vulnerability VCID-tcda-8txy-7ygn
29
vulnerability VCID-vx7b-mwfx-5fg2
30
vulnerability VCID-wfzw-3x26-tucg
31
vulnerability VCID-whh3-qs36-pqfq
32
vulnerability VCID-wuv4-qn69-zygh
33
vulnerability VCID-x3bz-ehvb-jyfs
34
vulnerability VCID-xbur-n6na-d7g1
35
vulnerability VCID-yk5x-nt2m-5kgy
36
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.0
aliases CVE-2019-16865, GHSA-j7mj-748x-7p78, PYSEC-2019-110
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxtq-wjad-3ue3
31
url VCID-wfzw-3x26-tucg
vulnerability_id VCID-wfzw-3x26-tucg
summary path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
references
0
reference_url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
4
reference_url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
5
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5920
6
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
8
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
9
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
reference_id CVE-2022-22816
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzw-3x26-tucg
32
url VCID-whh3-qs36-pqfq
vulnerability_id VCID-whh3-qs36-pqfq
summary In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
references
0
reference_url https://github.com/advisories/GHSA-vj42-xq3r-hr3r
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vj42-xq3r-hr3r
1
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
2
reference_url https://github.com/python-pillow/Pillow/pull/4505
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4505
3
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
8
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
9
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
fixed_packages
0
url pkg:pypi/pillow@7.0.0
purl pkg:pypi/pillow@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-wuv4-qn69-zygh
27
vulnerability VCID-x3bz-ehvb-jyfs
28
vulnerability VCID-xbur-n6na-d7g1
29
vulnerability VCID-yk5x-nt2m-5kgy
30
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.0.0
aliases CVE-2020-10994, GHSA-vj42-xq3r-hr3r, PYSEC-2020-79
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whh3-qs36-pqfq
33
url VCID-wuv4-qn69-zygh
vulnerability_id VCID-wuv4-qn69-zygh
summary An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
references
0
reference_url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25292, GHSA-9hx2-hgq2-2g4f, PYSEC-2021-38
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuv4-qn69-zygh
34
url VCID-x3bz-ehvb-jyfs
vulnerability_id VCID-x3bz-ehvb-jyfs
summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
references
0
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
reference_id
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
4
reference_url https://github.com/python-pillow/Pillow/pull/7244
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/7244
5
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
7
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
9
reference_url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
reference_id GHSA-8ghj-p4vj-mr35
reference_type
scores
url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
fixed_packages
0
url pkg:pypi/pillow@10.0.0
purl pkg:pypi/pillow@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0
aliases CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3bz-ehvb-jyfs
35
url VCID-xbur-n6na-d7g1
vulnerability_id VCID-xbur-n6na-d7g1
summary In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
references
0
reference_url https://github.com/advisories/GHSA-3xv8-3j54-hgrp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3xv8-3j54-hgrp
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-77.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-77.yaml
2
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml
3
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
4
reference_url https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2
5
reference_url https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
6
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
7
reference_url https://github.com/python-pillow/Pillow/issues/4750
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/issues/4750
8
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
15
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1
16
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
17
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2
18
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10378
reference_id CVE-2020-10378
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-10378
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-d4dx-wbrv-gqaa
10
vulnerability VCID-dkcx-xcb8-3fgj
11
vulnerability VCID-fq9j-ntxd-t3b3
12
vulnerability VCID-g48w-36yx-tue3
13
vulnerability VCID-gve2-x5zh-gqha
14
vulnerability VCID-htee-x1mv-sfhh
15
vulnerability VCID-kjxw-f4f4-dydb
16
vulnerability VCID-prvn-bejg-kufb
17
vulnerability VCID-q8fz-36n2-vfh2
18
vulnerability VCID-qbfa-rky7-juh5
19
vulnerability VCID-qz6s-pjqj-7uet
20
vulnerability VCID-tcda-8txy-7ygn
21
vulnerability VCID-vx7b-mwfx-5fg2
22
vulnerability VCID-wfzw-3x26-tucg
23
vulnerability VCID-wuv4-qn69-zygh
24
vulnerability VCID-x3bz-ehvb-jyfs
25
vulnerability VCID-yk5x-nt2m-5kgy
26
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases CVE-2020-10378, GHSA-3xv8-3j54-hgrp, PYSEC-2020-77
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbur-n6na-d7g1
36
url VCID-yk5x-nt2m-5kgy
vulnerability_id VCID-yk5x-nt2m-5kgy
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
references
0
reference_url https://github.com/advisories/GHSA-mvg9-xffr-p774
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-mvg9-xffr-p774
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yk5x-nt2m-5kgy
37
url VCID-zsxq-dasb-qyex
vulnerability_id VCID-zsxq-dasb-qyex
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
4
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zsxq-dasb-qyex
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@5.0.0