Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pillow@8.1.0
Typepypi
Namespace
Namepillow
Version8.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.2.0
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-2gpf-94cu-6fcd
vulnerability_id VCID-2gpf-94cu-6fcd
summary PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
references
0
reference_url https://github.com/advisories/GHSA-8vj2-vxx3-667w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8vj2-vxx3-667w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
4
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
5
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
8
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
9
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
reference_id CVE-2022-22817
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
1
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-vx7b-mwfx-5fg2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gpf-94cu-6fcd
1
url VCID-3gam-zy4w-2ucr
vulnerability_id VCID-3gam-zy4w-2ucr
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
15
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
reference_id CVE-2021-27923
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gam-zy4w-2ucr
2
url VCID-4tub-w66m-uyfu
vulnerability_id VCID-4tub-w66m-uyfu
summary Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
references
0
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9hza-srk7-sucy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases PYSEC-2023-175
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tub-w66m-uyfu
3
url VCID-5h45-rcpb-q7bz
vulnerability_id VCID-5h45-rcpb-q7bz
summary An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
references
0
reference_url https://github.com/advisories/GHSA-57h3-9rgr-c24m
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-57h3-9rgr-c24m
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-35.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-35.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c
4
reference_url https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
5
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
6
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25289
reference_id CVE-2021-25289
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25289
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25289, GHSA-57h3-9rgr-c24m, PYSEC-2021-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5h45-rcpb-q7bz
4
url VCID-7ya3-j9fa-zugj
vulnerability_id VCID-7ya3-j9fa-zugj
summary arbitrary code execution
references
0
reference_url https://github.com/advisories/GHSA-7534-mm45-c74v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7534-mm45-c74v
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
4
reference_url https://github.com/python-pillow/Pillow/pull/5567
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5567
5
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://security.archlinux.org/ASA-202107-26
reference_id ASA-202107-26
reference_type
scores
url https://security.archlinux.org/ASA-202107-26
14
reference_url https://security.archlinux.org/AVG-2150
reference_id AVG-2150
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2150
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
reference_id CVE-2021-34552
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
fixed_packages
0
url pkg:pypi/pillow@8.3.0
purl pkg:pypi/pillow@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-9hza-srk7-sucy
3
vulnerability VCID-d4dx-wbrv-gqaa
4
vulnerability VCID-dkcx-xcb8-3fgj
5
vulnerability VCID-q8fz-36n2-vfh2
6
vulnerability VCID-vx7b-mwfx-5fg2
7
vulnerability VCID-wfzw-3x26-tucg
8
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.0
aliases CVE-2021-34552, GHSA-7534-mm45-c74v, PYSEC-2021-331
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ya3-j9fa-zugj
5
url VCID-8z6g-5td3-g7ej
vulnerability_id VCID-8z6g-5td3-g7ej
summary An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
references
0
reference_url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-39.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-39.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
4
reference_url https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
5
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
6
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25293
reference_id CVE-2021-25293
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25293
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25293, GHSA-p43w-g3c5-g5mq, PYSEC-2021-39
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8z6g-5td3-g7ej
6
url VCID-9hza-srk7-sucy
vulnerability_id VCID-9hza-srk7-sucy
summary Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json
1
reference_url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
2
reference_url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2468457
reference_id 2468457
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2468457
fixed_packages
0
url pkg:pypi/pillow@12.2.0
purl pkg:pypi/pillow@12.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0
aliases CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hza-srk7-sucy
7
url VCID-d4dx-wbrv-gqaa
vulnerability_id VCID-d4dx-wbrv-gqaa
summary path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
references
0
reference_url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
4
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
5
reference_url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
6
reference_url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
7
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5920
8
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
10
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
reference_id CVE-2022-22815
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases CVE-2022-22815, GHSA-pw3c-h7wp-cvhx, PYSEC-2022-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4dx-wbrv-gqaa
8
url VCID-dkcx-xcb8-3fgj
vulnerability_id VCID-dkcx-xcb8-3fgj
summary The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
references
0
reference_url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
4
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
10
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
11
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
reference_id
reference_type
scores
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
reference_id CVE-2021-23437
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
fixed_packages
0
url pkg:pypi/pillow@8.3.2
purl pkg:pypi/pillow@8.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-9hza-srk7-sucy
3
vulnerability VCID-d4dx-wbrv-gqaa
4
vulnerability VCID-q8fz-36n2-vfh2
5
vulnerability VCID-vx7b-mwfx-5fg2
6
vulnerability VCID-wfzw-3x26-tucg
7
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2
aliases CVE-2021-23437, GHSA-98vv-pw6r-q6q4, PYSEC-2021-317, SNYK-PYTHON-PILLOW-1319443
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dkcx-xcb8-3fgj
9
url VCID-fq9j-ntxd-t3b3
vulnerability_id VCID-fq9j-ntxd-t3b3
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
references
0
reference_url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
4
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
5
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
8
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
9
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25287
reference_id CVE-2021-25287
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25287
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-25287, GHSA-77gc-v2xv-rvvh, PYSEC-2021-137
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fq9j-ntxd-t3b3
10
url VCID-g48w-36yx-tue3
vulnerability_id VCID-g48w-36yx-tue3
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
15
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
reference_id CVE-2021-27921
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g48w-36yx-tue3
11
url VCID-gve2-x5zh-gqha
vulnerability_id VCID-gve2-x5zh-gqha
summary An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
references
0
reference_url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
7
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28675
reference_id CVE-2021-28675
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-28675
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28675, GHSA-g6rj-rv7j-xwp4, PYSEC-2021-139
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gve2-x5zh-gqha
12
url VCID-htee-x1mv-sfhh
vulnerability_id VCID-htee-x1mv-sfhh
summary An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
references
0
reference_url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
4
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377
5
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
8
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
9
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28677
reference_id CVE-2021-28677
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-28677
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28677, GHSA-q5hq-fp76-qmrc, PYSEC-2021-93
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htee-x1mv-sfhh
13
url VCID-prvn-bejg-kufb
vulnerability_id VCID-prvn-bejg-kufb
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
references
0
reference_url https://github.com/advisories/GHSA-rwv7-3v45-hg29
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-rwv7-3v45-hg29
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
4
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
8
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25288
reference_id CVE-2021-25288
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25288
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-25288, GHSA-rwv7-3v45-hg29, PYSEC-2021-138
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prvn-bejg-kufb
14
url VCID-q8fz-36n2-vfh2
vulnerability_id VCID-q8fz-36n2-vfh2
summary Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
references
0
reference_url https://github.com/advisories/GHSA-9j59-75qj-795w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-9j59-75qj-795w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
4
reference_url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
5
reference_url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
6
reference_url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
7
reference_url https://github.com/python-pillow/Pillow/pull/3450
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/3450
8
reference_url https://github.com/python-pillow/Pillow/pull/6010
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/6010
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
reference_id CVE-2022-24303
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
fixed_packages
0
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-vx7b-mwfx-5fg2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8fz-36n2-vfh2
15
url VCID-qbfa-rky7-juh5
vulnerability_id VCID-qbfa-rky7-juh5
summary An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
references
0
reference_url https://github.com/advisories/GHSA-7r7m-5h27-29hp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7r7m-5h27-29hp
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
4
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377
5
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
10
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28676
reference_id CVE-2021-28676
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-28676
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28676, GHSA-7r7m-5h27-29hp, PYSEC-2021-92
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbfa-rky7-juh5
16
url VCID-qz6s-pjqj-7uet
vulnerability_id VCID-qz6s-pjqj-7uet
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
references
0
reference_url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-36.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-36.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa
4
reference_url https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
5
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
7
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25290
reference_id CVE-2021-25290
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25290
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25290, GHSA-8xjq-8fcg-g5hw, PYSEC-2021-36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qz6s-pjqj-7uet
17
url VCID-tcda-8txy-7ygn
vulnerability_id VCID-tcda-8txy-7ygn
summary An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
references
0
reference_url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377
4
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
8
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28678
reference_id CVE-2021-28678
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-28678
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28678, GHSA-hjfx-8p6c-g7gx, PYSEC-2021-94
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcda-8txy-7ygn
18
url VCID-vx7b-mwfx-5fg2
vulnerability_id VCID-vx7b-mwfx-5fg2
summary Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
references
0
reference_url https://bugs.gentoo.org/855683
reference_id
reference_type
scores
url https://bugs.gentoo.org/855683
1
reference_url https://cwe.mitre.org/data/definitions/409.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/409.html
2
reference_url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
3
reference_url https://github.com/python-pillow/Pillow/pull/6402
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/6402
4
reference_url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
fixed_packages
0
url pkg:pypi/pillow@9.2.0
purl pkg:pypi/pillow@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q325-dhha-83b2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0
aliases CVE-2022-45198, PYSEC-2022-42979
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx7b-mwfx-5fg2
19
url VCID-wfzw-3x26-tucg
vulnerability_id VCID-wfzw-3x26-tucg
summary path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
references
0
reference_url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
4
reference_url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
5
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5920
6
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
8
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
9
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
reference_id CVE-2022-22816
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzw-3x26-tucg
20
url VCID-wuv4-qn69-zygh
vulnerability_id VCID-wuv4-qn69-zygh
summary An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
references
0
reference_url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-38.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-38.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c
4
reference_url https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
5
reference_url https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
7
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25292
reference_id CVE-2021-25292
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25292
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25292, GHSA-9hx2-hgq2-2g4f, PYSEC-2021-38
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuv4-qn69-zygh
21
url VCID-x3bz-ehvb-jyfs
vulnerability_id VCID-x3bz-ehvb-jyfs
summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
references
0
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
reference_id
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
4
reference_url https://github.com/python-pillow/Pillow/pull/7244
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/7244
5
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
7
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
9
reference_url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
reference_id GHSA-8ghj-p4vj-mr35
reference_type
scores
url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
fixed_packages
0
url pkg:pypi/pillow@10.0.0
purl pkg:pypi/pillow@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0
aliases CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3bz-ehvb-jyfs
22
url VCID-yk5x-nt2m-5kgy
vulnerability_id VCID-yk5x-nt2m-5kgy
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
references
0
reference_url https://github.com/advisories/GHSA-mvg9-xffr-p774
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-mvg9-xffr-p774
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
4
reference_url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
5
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
6
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
reference_id CVE-2021-25291
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yk5x-nt2m-5kgy
23
url VCID-zsxq-dasb-qyex
vulnerability_id VCID-zsxq-dasb-qyex
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
15
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-33
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
reference_id CVE-2021-27922
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zsxq-dasb-qyex
Fixing_vulnerabilities
0
url VCID-7hcs-pkze-6ba4
vulnerability_id VCID-7hcs-pkze-6ba4
summary In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
references
0
reference_url https://github.com/advisories/GHSA-hf64-x4gq-p99h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hf64-x4gq-p99h
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-71.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-71.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
4
reference_url https://github.com/python-pillow/Pillow/commit/7e95c63fa7f503f185d3d9eb16b9cee1e54d1e46
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/7e95c63fa7f503f185d3d9eb16b9cee1e54d1e46
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35655
reference_id CVE-2020-35655
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-35655
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7ya3-j9fa-zugj
5
vulnerability VCID-8z6g-5td3-g7ej
6
vulnerability VCID-9hza-srk7-sucy
7
vulnerability VCID-d4dx-wbrv-gqaa
8
vulnerability VCID-dkcx-xcb8-3fgj
9
vulnerability VCID-fq9j-ntxd-t3b3
10
vulnerability VCID-g48w-36yx-tue3
11
vulnerability VCID-gve2-x5zh-gqha
12
vulnerability VCID-htee-x1mv-sfhh
13
vulnerability VCID-prvn-bejg-kufb
14
vulnerability VCID-q8fz-36n2-vfh2
15
vulnerability VCID-qbfa-rky7-juh5
16
vulnerability VCID-qz6s-pjqj-7uet
17
vulnerability VCID-tcda-8txy-7ygn
18
vulnerability VCID-vx7b-mwfx-5fg2
19
vulnerability VCID-wfzw-3x26-tucg
20
vulnerability VCID-wuv4-qn69-zygh
21
vulnerability VCID-x3bz-ehvb-jyfs
22
vulnerability VCID-yk5x-nt2m-5kgy
23
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases CVE-2020-35655, GHSA-hf64-x4gq-p99h, PYSEC-2021-71
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hcs-pkze-6ba4
1
url VCID-7v6e-3dxw-aubu
vulnerability_id VCID-7v6e-3dxw-aubu
summary In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
references
0
reference_url https://github.com/advisories/GHSA-f5g8-5qq7-938w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f5g8-5qq7-938w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-69.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-69.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
4
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35653
reference_id CVE-2020-35653
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-35653
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7ya3-j9fa-zugj
5
vulnerability VCID-8z6g-5td3-g7ej
6
vulnerability VCID-9hza-srk7-sucy
7
vulnerability VCID-d4dx-wbrv-gqaa
8
vulnerability VCID-dkcx-xcb8-3fgj
9
vulnerability VCID-fq9j-ntxd-t3b3
10
vulnerability VCID-g48w-36yx-tue3
11
vulnerability VCID-gve2-x5zh-gqha
12
vulnerability VCID-htee-x1mv-sfhh
13
vulnerability VCID-prvn-bejg-kufb
14
vulnerability VCID-q8fz-36n2-vfh2
15
vulnerability VCID-qbfa-rky7-juh5
16
vulnerability VCID-qz6s-pjqj-7uet
17
vulnerability VCID-tcda-8txy-7ygn
18
vulnerability VCID-vx7b-mwfx-5fg2
19
vulnerability VCID-wfzw-3x26-tucg
20
vulnerability VCID-wuv4-qn69-zygh
21
vulnerability VCID-x3bz-ehvb-jyfs
22
vulnerability VCID-yk5x-nt2m-5kgy
23
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases CVE-2020-35653, GHSA-f5g8-5qq7-938w, PYSEC-2021-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v6e-3dxw-aubu
2
url VCID-kjxw-f4f4-dydb
vulnerability_id VCID-kjxw-f4f4-dydb
summary In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
references
0
reference_url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-70.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-70.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35654
reference_id CVE-2020-35654
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-35654
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7ya3-j9fa-zugj
5
vulnerability VCID-8z6g-5td3-g7ej
6
vulnerability VCID-9hza-srk7-sucy
7
vulnerability VCID-d4dx-wbrv-gqaa
8
vulnerability VCID-dkcx-xcb8-3fgj
9
vulnerability VCID-fq9j-ntxd-t3b3
10
vulnerability VCID-g48w-36yx-tue3
11
vulnerability VCID-gve2-x5zh-gqha
12
vulnerability VCID-htee-x1mv-sfhh
13
vulnerability VCID-prvn-bejg-kufb
14
vulnerability VCID-q8fz-36n2-vfh2
15
vulnerability VCID-qbfa-rky7-juh5
16
vulnerability VCID-qz6s-pjqj-7uet
17
vulnerability VCID-tcda-8txy-7ygn
18
vulnerability VCID-vx7b-mwfx-5fg2
19
vulnerability VCID-wfzw-3x26-tucg
20
vulnerability VCID-wuv4-qn69-zygh
21
vulnerability VCID-x3bz-ehvb-jyfs
22
vulnerability VCID-yk5x-nt2m-5kgy
23
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases CVE-2020-35654, GHSA-vqcj-wrf2-7v73, PYSEC-2021-70
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjxw-f4f4-dydb
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0