Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pillow@9.1.0

Type pypi

Namespace

Name pillow

Version 9.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 12.2.0

Latest_non_vulnerable_version 12.2.0

Affected_by_vulnerabilities

url VCID-4tub-w66m-uyfu

vulnerability_id VCID-4tub-w66m-uyfu

summary Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

references

reference_url	https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
url	https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-4863

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-5129

fixed_packages

url pkg:pypi/pillow@10.0.1

purl pkg:pypi/pillow@10.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hza-srk7-sucy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1

aliases PYSEC-2023-175

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tub-w66m-uyfu

url VCID-9hza-srk7-sucy

vulnerability_id VCID-9hza-srk7-sucy

summary Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

reference_url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42308

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42308

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468457
reference_id	2468457
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468457

fixed_packages

url	pkg:pypi/pillow@12.2.0
purl	pkg:pypi/pillow@12.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0

aliases CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hza-srk7-sucy

url VCID-q9xy-t4zu-zbf5

vulnerability_id VCID-q9xy-t4zu-zbf5

summary libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30595.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30595.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30595

reference_id

reference_type

scores

value	0.00604
scoring_system	epss
scoring_elements	0.69974
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30595

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-43145.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-43145.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c

reference_url

https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-30595

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-30595

reference_url

https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2087609
reference_id	2087609
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2087609

fixed_packages

url pkg:pypi/pillow@9.1.1

purl pkg:pypi/pillow@9.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tub-w66m-uyfu

vulnerability	VCID-9hza-srk7-sucy

vulnerability	VCID-vx7b-mwfx-5fg2

vulnerability	VCID-x3bz-ehvb-jyfs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.1.1

aliases CVE-2022-30595, GHSA-hr8g-f6r6-mr22, PYSEC-2022-43145

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q9xy-t4zu-zbf5

url VCID-vx7b-mwfx-5fg2

vulnerability_id VCID-vx7b-mwfx-5fg2

summary Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-45198

reference_id

reference_type

scores

value	0.00334
scoring_system	epss
scoring_elements	0.56484
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-45198

reference_url

https://bugs.gentoo.org/855683

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.gentoo.org/855683

reference_url

https://cwe.mitre.org/data/definitions/409.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwe.mitre.org/data/definitions/409.html

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4

reference_url

https://github.com/python-pillow/Pillow/pull/6402

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/pull/6402

reference_url

https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea

reference_url

https://github.com/python-pillow/Pillow/releases/tag/9.2.0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/releases/tag/9.2.0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-45198

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-45198

reference_url

https://security.gentoo.org/glsa/202211-10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202211-10

fixed_packages

url pkg:pypi/pillow@9.2.0

purl pkg:pypi/pillow@9.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tub-w66m-uyfu

vulnerability	VCID-9hza-srk7-sucy

vulnerability	VCID-q325-dhha-83b2

vulnerability	VCID-x3bz-ehvb-jyfs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0

aliases CVE-2022-45198, GHSA-m2vv-5vj5-2hm7, PYSEC-2022-42979

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx7b-mwfx-5fg2

url VCID-x3bz-ehvb-jyfs

vulnerability_id VCID-x3bz-ehvb-jyfs

summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json

reference_url	https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
reference_id
reference_type
scores
url	https://devhub.checkmarx.com/cve-details/CVE-2023-44271/

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7

reference_url

https://github.com/python-pillow/Pillow/pull/7244

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/pull/7244

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2247820
reference_id	2247820
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2247820

reference_url

https://devhub.checkmarx.com/cve-details/CVE-2023-44271

reference_id

CVE-2023-44271

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://devhub.checkmarx.com/cve-details/CVE-2023-44271

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-44271

reference_id

CVE-2023-44271

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-44271

reference_url	https://github.com/advisories/GHSA-8ghj-p4vj-mr35
reference_id	GHSA-8ghj-p4vj-mr35
reference_type
scores
url	https://github.com/advisories/GHSA-8ghj-p4vj-mr35

reference_url	https://security.gentoo.org/glsa/202405-12
reference_id	GLSA-202405-12
reference_type
scores
url	https://security.gentoo.org/glsa/202405-12

reference_url	https://access.redhat.com/errata/RHSA-2024:0345
reference_id	RHSA-2024:0345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0345

reference_url	https://access.redhat.com/errata/RHSA-2024:1057
reference_id	RHSA-2024:1057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1057

reference_url	https://access.redhat.com/errata/RHSA-2024:3005
reference_id	RHSA-2024:3005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3005

fixed_packages

url pkg:pypi/pillow@10.0.0

purl pkg:pypi/pillow@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tub-w66m-uyfu

vulnerability	VCID-9hza-srk7-sucy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0

aliases CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3bz-ehvb-jyfs

Fixing_vulnerabilities

Risk_score 4.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.1.0

Package Instance