| 0 |
| url |
VCID-1uv3-mjkz-rkcr |
| vulnerability_id |
VCID-1uv3-mjkz-rkcr |
| summary |
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.1.1 |
| purl |
pkg:pypi/pillow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 6 |
| vulnerability |
VCID-6wqw-esat-2ua2 |
|
| 7 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 8 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 9 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 10 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 11 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 12 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 13 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 14 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 15 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 16 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 17 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 18 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 19 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 20 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 21 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 22 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 23 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 24 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 25 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 26 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 27 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 28 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 29 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 30 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 31 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 32 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 33 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 34 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 35 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 36 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 37 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 38 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 39 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 40 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1 |
|
|
| aliases |
CVE-2016-2533, GHSA-3c5c-7235-994j, PYSEC-2016-19
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1uv3-mjkz-rkcr |
|
| 1 |
| url |
VCID-2gpf-94cu-6fcd |
| vulnerability_id |
VCID-2gpf-94cu-6fcd |
| summary |
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2gpf-94cu-6fcd |
|
| 2 |
| url |
VCID-3gam-zy4w-2ucr |
| vulnerability_id |
VCID-3gam-zy4w-2ucr |
| summary |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 4 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 5 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 6 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 7 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 8 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 9 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 10 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 11 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 12 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 13 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 14 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 15 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 16 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 17 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 18 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 19 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.1.2 |
| purl |
pkg:pypi/pillow@8.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 7 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 8 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 9 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 10 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 11 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 12 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 13 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 14 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 15 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 16 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2 |
|
|
| aliases |
CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3gam-zy4w-2ucr |
|
| 3 |
| url |
VCID-4tub-w66m-uyfu |
| vulnerability_id |
VCID-4tub-w66m-uyfu |
| summary |
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2. |
| references |
|
| fixed_packages |
|
| aliases |
PYSEC-2023-175
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4tub-w66m-uyfu |
|
| 4 |
| url |
VCID-5h45-rcpb-q7bz |
| vulnerability_id |
VCID-5h45-rcpb-q7bz |
| summary |
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 4 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 5 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 6 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 7 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 8 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 9 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 10 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 11 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 12 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 13 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 14 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 15 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 16 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 17 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 18 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 19 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
|
| aliases |
CVE-2021-25289, GHSA-57h3-9rgr-c24m, PYSEC-2021-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5h45-rcpb-q7bz |
|
| 5 |
| url |
VCID-612t-dcay-nqgq |
| vulnerability_id |
VCID-612t-dcay-nqgq |
| summary |
Uncontrolled Resource Consumption in pillow
### Impact
_Pillow before 8.1.1 allows attackers to cause a denial of service because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large._
### Patches
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._
### Workarounds
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._
### References
https://nvd.nist.gov/vuln/detail/CVE-2021-27921
### For more information
If you have any questions or comments about this advisory:
* Open an issue in example link to repo email address] |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 4 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 5 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 6 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 7 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 8 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 9 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 10 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 11 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 12 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 13 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 14 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 15 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 16 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 17 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 18 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 19 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.1.2 |
| purl |
pkg:pypi/pillow@8.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 7 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 8 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 9 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 10 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 11 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 12 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 13 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 14 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 15 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 16 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2 |
|
|
| aliases |
GHSA-jgpv-4h4c-xhw3, GMS-2021-167
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-612t-dcay-nqgq |
|
| 6 |
| url |
VCID-6qkd-kgxx-dyeq |
| vulnerability_id |
VCID-6qkd-kgxx-dyeq |
| summary |
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
http://www.securityfocus.com/bid/94234 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/94234 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.3.2 |
| purl |
pkg:pypi/pillow@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 11 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 12 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 13 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 14 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 15 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 16 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 17 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 18 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 19 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 20 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 21 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 22 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 23 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 24 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 25 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 26 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 27 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 28 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 29 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 30 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 31 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 32 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 33 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 34 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 35 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 36 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 37 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2 |
|
|
| aliases |
CVE-2016-9189, GHSA-rwr3-c2q8-gm56, PYSEC-2016-8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6qkd-kgxx-dyeq |
|
| 7 |
| url |
VCID-7sps-ppua-ubb2 |
| vulnerability_id |
VCID-7sps-ppua-ubb2 |
| summary |
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 11 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 12 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 13 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 14 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 15 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 16 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 17 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 18 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 19 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 20 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 21 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 22 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 23 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 24 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 25 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 26 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 27 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 28 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 29 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 30 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 31 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 32 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
CVE-2020-5310, GHSA-vcqg-3p29-xw73, PYSEC-2020-81
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7sps-ppua-ubb2 |
|
| 8 |
| url |
VCID-7v6e-3dxw-aubu |
| vulnerability_id |
VCID-7v6e-3dxw-aubu |
| summary |
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
|
| 1 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.0 |
| purl |
pkg:pypi/pillow@8.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 6 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 7 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 8 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 9 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 10 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 11 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 12 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 13 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 14 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 15 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 16 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 17 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 18 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 19 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 20 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 21 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 22 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 23 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 24 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0 |
|
|
| aliases |
CVE-2020-35653, GHSA-f5g8-5qq7-938w, PYSEC-2021-69
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7v6e-3dxw-aubu |
|
| 9 |
|
| 10 |
| url |
VCID-8gxw-hqk5-2uak |
| vulnerability_id |
VCID-8gxw-hqk5-2uak |
| summary |
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
http://www.securityfocus.com/bid/86064 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/86064 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.1.1 |
| purl |
pkg:pypi/pillow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 6 |
| vulnerability |
VCID-6wqw-esat-2ua2 |
|
| 7 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 8 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 9 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 10 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 11 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 12 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 13 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 14 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 15 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 16 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 17 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 18 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 19 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 20 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 21 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 22 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 23 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 24 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 25 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 26 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 27 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 28 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 29 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 30 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 31 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 32 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 33 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 34 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 35 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 36 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 37 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 38 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 39 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 40 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1 |
|
|
| aliases |
CVE-2016-4009, GHSA-hvr8-466p-75rh, PYSEC-2016-7
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8gxw-hqk5-2uak |
|
| 11 |
| url |
VCID-8z6g-5td3-g7ej |
| vulnerability_id |
VCID-8z6g-5td3-g7ej |
| summary |
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 4 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 5 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 6 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 7 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 8 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 9 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 10 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 11 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 12 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 13 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 14 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 15 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 16 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 17 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 18 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 19 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
|
| aliases |
CVE-2021-25293, GHSA-p43w-g3c5-g5mq, PYSEC-2021-39
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8z6g-5td3-g7ej |
|
| 12 |
| url |
VCID-9hza-srk7-sucy |
| vulnerability_id |
VCID-9hza-srk7-sucy |
| summary |
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9hza-srk7-sucy |
|
| 13 |
| url |
VCID-9qm6-cbz9-b7c8 |
| vulnerability_id |
VCID-9qm6-cbz9-b7c8 |
| summary |
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 11 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 12 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 13 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 14 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 15 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 16 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 17 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 18 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 19 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 20 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 21 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 22 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 23 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 24 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 25 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 26 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 27 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 28 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 29 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 30 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 31 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 32 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
CVE-2019-19911, GHSA-5gm3-px64-rw72, PYSEC-2020-172
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9qm6-cbz9-b7c8 |
|
| 14 |
| url |
VCID-9v9s-wbu3-cqc7 |
| vulnerability_id |
VCID-9v9s-wbu3-cqc7 |
| summary |
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://usn.ubuntu.com/4430-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-1 |
|
| 29 |
|
| 30 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 11 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 12 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 13 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 14 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 15 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 16 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 17 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 18 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 19 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 20 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 21 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 22 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 23 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 24 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 25 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 26 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 27 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
CVE-2020-10177, GHSA-cqhg-xjhh-p8hf, PYSEC-2020-76
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9v9s-wbu3-cqc7 |
|
| 15 |
| url |
VCID-cb58-eehb-j7cv |
| vulnerability_id |
VCID-cb58-eehb-j7cv |
| summary |
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 11 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 12 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 13 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 14 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 15 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 16 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 17 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 18 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 19 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 20 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 21 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 22 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 23 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 24 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 25 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 26 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 27 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 28 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 29 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 30 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 31 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 32 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
CVE-2020-5311, GHSA-r7rm-8j6h-r933, PYSEC-2020-82
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cb58-eehb-j7cv |
|
| 16 |
| url |
VCID-ctaf-ff57-8yge |
| vulnerability_id |
VCID-ctaf-ff57-8yge |
| summary |
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.7.0 |
| purl |
pkg:pypi/pillow@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uv3-mjkz-rkcr |
|
| 1 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 2 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 3 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 4 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 5 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 6 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 7 |
| vulnerability |
VCID-6wqw-esat-2ua2 |
|
| 8 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 9 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 10 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 11 |
| vulnerability |
VCID-8gxw-hqk5-2uak |
|
| 12 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 13 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 14 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 15 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 16 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 17 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 18 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 19 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 20 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 21 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 22 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 23 |
| vulnerability |
VCID-hy5d-twhs-e7a3 |
|
| 24 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 25 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 26 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 27 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 28 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 29 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 30 |
| vulnerability |
VCID-q11v-xn32-auch |
|
| 31 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 32 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 33 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 34 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 35 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 36 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 37 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 38 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 39 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 40 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 41 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 42 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 43 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 44 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.7.0 |
|
|
| aliases |
CVE-2014-9601, GHSA-h5rf-vgqx-wjv2, PYSEC-2015-16
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ctaf-ff57-8yge |
|
| 17 |
|
| 18 |
| url |
VCID-dkcx-xcb8-3fgj |
| vulnerability_id |
VCID-dkcx-xcb8-3fgj |
| summary |
The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-23437, GHSA-98vv-pw6r-q6q4, PYSEC-2021-317, SNYK-PYTHON-PILLOW-1319443
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dkcx-xcb8-3fgj |
|
| 19 |
| url |
VCID-dm9u-y5aa-bfhc |
| vulnerability_id |
VCID-dm9u-y5aa-bfhc |
| summary |
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://pypi.python.org/pypi/Pillow/2.3.2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.python.org/pypi/Pillow/2.3.2 |
|
| 13 |
| reference_url |
https://pypi.python.org/pypi/Pillow/2.5.2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.python.org/pypi/Pillow/2.5.2 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.3.2 |
| purl |
pkg:pypi/pillow@2.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uv3-mjkz-rkcr |
|
| 1 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 2 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 3 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 4 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 5 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 6 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 7 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 8 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 9 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 10 |
| vulnerability |
VCID-8gxw-hqk5-2uak |
|
| 11 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 12 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 13 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 14 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 15 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 16 |
| vulnerability |
VCID-ctaf-ff57-8yge |
|
| 17 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 18 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 19 |
| vulnerability |
VCID-ew1c-9uyd-hyfa |
|
| 20 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 21 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 22 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 23 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 24 |
| vulnerability |
VCID-hy5d-twhs-e7a3 |
|
| 25 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 26 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 27 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 28 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 29 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 30 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 31 |
| vulnerability |
VCID-q11v-xn32-auch |
|
| 32 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 33 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 34 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 35 |
| vulnerability |
VCID-sgc5-3xgm-tfa1 |
|
| 36 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 37 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 38 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 39 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 40 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 41 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 42 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 43 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 44 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 45 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 46 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.2 |
|
| 1 |
| url |
pkg:pypi/pillow@2.5.2 |
| purl |
pkg:pypi/pillow@2.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uv3-mjkz-rkcr |
|
| 1 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 2 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 3 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 4 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 5 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 6 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 7 |
| vulnerability |
VCID-6wqw-esat-2ua2 |
|
| 8 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 9 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 10 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 11 |
| vulnerability |
VCID-8gxw-hqk5-2uak |
|
| 12 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 13 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 14 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 15 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 16 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 17 |
| vulnerability |
VCID-ctaf-ff57-8yge |
|
| 18 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 19 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 20 |
| vulnerability |
VCID-ew1c-9uyd-hyfa |
|
| 21 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 22 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 23 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 24 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 25 |
| vulnerability |
VCID-hy5d-twhs-e7a3 |
|
| 26 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 27 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 28 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 29 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 30 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 31 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 32 |
| vulnerability |
VCID-q11v-xn32-auch |
|
| 33 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 34 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 35 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 36 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 37 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 38 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 39 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 40 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 41 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 42 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 43 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 44 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 45 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 46 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.2 |
|
|
| aliases |
CVE-2014-3589, GHSA-cfmr-38g9-f2h7, PYSEC-2014-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dm9u-y5aa-bfhc |
|
| 20 |
| url |
VCID-ew1c-9uyd-hyfa |
| vulnerability_id |
VCID-ew1c-9uyd-hyfa |
| summary |
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
| reference_url |
https://pypi.python.org/pypi/Pillow/2.5.3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.python.org/pypi/Pillow/2.5.3 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.5.3 |
| purl |
pkg:pypi/pillow@2.5.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uv3-mjkz-rkcr |
|
| 1 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 2 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 3 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 4 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 5 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 6 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 7 |
| vulnerability |
VCID-6wqw-esat-2ua2 |
|
| 8 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 9 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 10 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 11 |
| vulnerability |
VCID-8gxw-hqk5-2uak |
|
| 12 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 13 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 14 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 15 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 16 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 17 |
| vulnerability |
VCID-ctaf-ff57-8yge |
|
| 18 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 19 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 20 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 21 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 22 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 23 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 24 |
| vulnerability |
VCID-hy5d-twhs-e7a3 |
|
| 25 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 26 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 27 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 28 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 29 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 30 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 31 |
| vulnerability |
VCID-q11v-xn32-auch |
|
| 32 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 33 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 34 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 35 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 36 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 37 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 38 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 39 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 40 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 41 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 42 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 43 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 44 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 45 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.3 |
|
|
| aliases |
CVE-2014-3598, GHSA-j6f7-g425-4gmx, PYSEC-2015-15
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ew1c-9uyd-hyfa |
|
| 21 |
| url |
VCID-fq9j-ntxd-t3b3 |
| vulnerability_id |
VCID-fq9j-ntxd-t3b3 |
| summary |
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 7 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 8 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 9 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
CVE-2021-25287, GHSA-77gc-v2xv-rvvh, PYSEC-2021-137
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fq9j-ntxd-t3b3 |
|
| 22 |
| url |
VCID-g48w-36yx-tue3 |
| vulnerability_id |
VCID-g48w-36yx-tue3 |
| summary |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 4 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 5 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 6 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 7 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 8 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 9 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 10 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 11 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 12 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 13 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 14 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 15 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 16 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 17 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 18 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 19 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.1.2 |
| purl |
pkg:pypi/pillow@8.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 7 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 8 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 9 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 10 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 11 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 12 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 13 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 14 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 15 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 16 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2 |
|
|
| aliases |
CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g48w-36yx-tue3 |
|
| 23 |
| url |
VCID-gve2-x5zh-gqha |
| vulnerability_id |
VCID-gve2-x5zh-gqha |
| summary |
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 7 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 8 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 9 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
CVE-2021-28675, GHSA-g6rj-rv7j-xwp4, PYSEC-2021-139
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gve2-x5zh-gqha |
|
| 24 |
| url |
VCID-htee-x1mv-sfhh |
| vulnerability_id |
VCID-htee-x1mv-sfhh |
| summary |
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 7 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 8 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 9 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
CVE-2021-28677, GHSA-q5hq-fp76-qmrc, PYSEC-2021-93
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-htee-x1mv-sfhh |
|
| 25 |
| url |
VCID-hy5d-twhs-e7a3 |
| vulnerability_id |
VCID-hy5d-twhs-e7a3 |
| summary |
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.1.1 |
| purl |
pkg:pypi/pillow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 6 |
| vulnerability |
VCID-6wqw-esat-2ua2 |
|
| 7 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 8 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 9 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 10 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 11 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 12 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 13 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 14 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 15 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 16 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 17 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 18 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 19 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 20 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 21 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 22 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 23 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 24 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 25 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 26 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 27 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 28 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 29 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 30 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 31 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 32 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 33 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 34 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 35 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 36 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 37 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 38 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 39 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 40 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1 |
|
|
| aliases |
CVE-2016-0740, GHSA-hggx-3h72-49ww, PYSEC-2016-5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hy5d-twhs-e7a3 |
|
| 26 |
| url |
VCID-jtq6-eykc-ykbz |
| vulnerability_id |
VCID-jtq6-eykc-ykbz |
| summary |
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 11 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 12 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 13 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 14 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 15 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 16 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 17 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 18 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 19 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 20 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 21 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 22 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 23 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 24 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 25 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 26 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 27 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
CVE-2020-10379, GHSA-8843-m7mw-mxqm, PYSEC-2020-78
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jtq6-eykc-ykbz |
|
| 27 |
| url |
VCID-kjxw-f4f4-dydb |
| vulnerability_id |
VCID-kjxw-f4f4-dydb |
| summary |
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.0 |
| purl |
pkg:pypi/pillow@8.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 6 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 7 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 8 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 9 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 10 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 11 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 12 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 13 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 14 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 15 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 16 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 17 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 18 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 19 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 20 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 21 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 22 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 23 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 24 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0 |
|
|
| aliases |
CVE-2020-35654, GHSA-vqcj-wrf2-7v73, PYSEC-2021-70
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kjxw-f4f4-dydb |
|
| 28 |
| url |
VCID-mph7-qmm8-1fan |
| vulnerability_id |
VCID-mph7-qmm8-1fan |
| summary |
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
|
| 1 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
|
| 1 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 11 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 12 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 13 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 14 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 15 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 16 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 17 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 18 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 19 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 20 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 21 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 22 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 23 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 24 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 25 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 26 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 27 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 28 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 29 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 30 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 31 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 32 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
CVE-2020-5313, GHSA-hj69-c76v-86wr, PYSEC-2020-84
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mph7-qmm8-1fan |
|
| 29 |
| url |
VCID-p66f-cwf8-tfdr |
| vulnerability_id |
VCID-p66f-cwf8-tfdr |
| summary |
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 11 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 12 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 13 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 14 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 15 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 16 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 17 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 18 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 19 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 20 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 21 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 22 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 23 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 24 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 25 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 26 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 27 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 28 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 29 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 30 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 31 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 32 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
CVE-2020-5312, GHSA-p49h-hjvm-jg3h, PYSEC-2020-83
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p66f-cwf8-tfdr |
|
| 30 |
| url |
VCID-prvn-bejg-kufb |
| vulnerability_id |
VCID-prvn-bejg-kufb |
| summary |
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 7 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 8 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 9 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
CVE-2021-25288, GHSA-rwv7-3v45-hg29, PYSEC-2021-138
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-prvn-bejg-kufb |
|
| 31 |
| url |
VCID-px2q-ph74-1ue6 |
| vulnerability_id |
VCID-px2q-ph74-1ue6 |
| summary |
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
http://www.securityfocus.com/bid/94234 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/94234 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.3.2 |
| purl |
pkg:pypi/pillow@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 11 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 12 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 13 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 14 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 15 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 16 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 17 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 18 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 19 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 20 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 21 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 22 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 23 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 24 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 25 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 26 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 27 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 28 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 29 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 30 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 31 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 32 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 33 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 34 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 35 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 36 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 37 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2 |
|
|
| aliases |
CVE-2016-9190, GHSA-w4vg-rf63-f3j3, PYSEC-2016-9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-px2q-ph74-1ue6 |
|
| 32 |
| url |
VCID-q11v-xn32-auch |
| vulnerability_id |
VCID-q11v-xn32-auch |
| summary |
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.1.1 |
| purl |
pkg:pypi/pillow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 6 |
| vulnerability |
VCID-6wqw-esat-2ua2 |
|
| 7 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 8 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 9 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 10 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 11 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 12 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 13 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 14 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 15 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 16 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 17 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 18 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 19 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 20 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 21 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 22 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 23 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 24 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 25 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 26 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 27 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 28 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 29 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 30 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 31 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 32 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 33 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 34 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 35 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 36 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 37 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 38 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 39 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 40 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1 |
|
|
| aliases |
CVE-2016-0775, GHSA-8xjv-v9xq-m5h9, PYSEC-2016-6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q11v-xn32-auch |
|
| 33 |
| url |
VCID-q8fz-36n2-vfh2 |
| vulnerability_id |
VCID-q8fz-36n2-vfh2 |
| summary |
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q8fz-36n2-vfh2 |
|
| 34 |
| url |
VCID-qbfa-rky7-juh5 |
| vulnerability_id |
VCID-qbfa-rky7-juh5 |
| summary |
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 7 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 8 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 9 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
CVE-2021-28676, GHSA-7r7m-5h27-29hp, PYSEC-2021-92
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qbfa-rky7-juh5 |
|
| 35 |
| url |
VCID-qz6s-pjqj-7uet |
| vulnerability_id |
VCID-qz6s-pjqj-7uet |
| summary |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 4 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 5 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 6 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 7 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 8 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 9 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 10 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 11 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 12 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 13 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 14 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 15 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 16 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 17 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 18 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 19 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
|
| aliases |
CVE-2021-25290, GHSA-8xjq-8fcg-g5hw, PYSEC-2021-36
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qz6s-pjqj-7uet |
|
| 36 |
| url |
VCID-sgc5-3xgm-tfa1 |
| vulnerability_id |
VCID-sgc5-3xgm-tfa1 |
| summary |
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.5.0 |
| purl |
pkg:pypi/pillow@2.5.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uv3-mjkz-rkcr |
|
| 1 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 2 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 3 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 4 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 5 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 6 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 7 |
| vulnerability |
VCID-6wqw-esat-2ua2 |
|
| 8 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 9 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 10 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 11 |
| vulnerability |
VCID-8gxw-hqk5-2uak |
|
| 12 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 13 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 14 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 15 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 16 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 17 |
| vulnerability |
VCID-ctaf-ff57-8yge |
|
| 18 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 19 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 20 |
| vulnerability |
VCID-dm9u-y5aa-bfhc |
|
| 21 |
| vulnerability |
VCID-ew1c-9uyd-hyfa |
|
| 22 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 23 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 24 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 25 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 26 |
| vulnerability |
VCID-hy5d-twhs-e7a3 |
|
| 27 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 28 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 29 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 30 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 31 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 32 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 33 |
| vulnerability |
VCID-q11v-xn32-auch |
|
| 34 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 35 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 36 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 37 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 38 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 39 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 40 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 41 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 42 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 43 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 44 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 45 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 46 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 47 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.0 |
|
|
| aliases |
CVE-2014-3007, GHSA-8m9x-pxwq-j236, PYSEC-2014-87
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sgc5-3xgm-tfa1 |
|
| 37 |
| url |
VCID-t3rz-wf43-a3bf |
| vulnerability_id |
VCID-t3rz-wf43-a3bf |
| summary |
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://usn.ubuntu.com/4430-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-1 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 11 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 12 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 13 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 14 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 15 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 16 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 17 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 18 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 19 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 20 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 21 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 22 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 23 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 24 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 25 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 26 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 27 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
CVE-2020-11538, GHSA-43fq-w8qq-v88h, PYSEC-2020-80
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t3rz-wf43-a3bf |
|
| 38 |
| url |
VCID-tcda-8txy-7ygn |
| vulnerability_id |
VCID-tcda-8txy-7ygn |
| summary |
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 7 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 8 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 9 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
CVE-2021-28678, GHSA-hjfx-8p6c-g7gx, PYSEC-2021-94
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tcda-8txy-7ygn |
|
| 39 |
| url |
VCID-vx7b-mwfx-5fg2 |
| vulnerability_id |
VCID-vx7b-mwfx-5fg2 |
| summary |
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://bugs.gentoo.org/855683 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://bugs.gentoo.org/855683 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-45198, GHSA-m2vv-5vj5-2hm7, PYSEC-2022-42979
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vx7b-mwfx-5fg2 |
|
| 40 |
| url |
VCID-vxtq-wjad-3ue3 |
| vulnerability_id |
VCID-vxtq-wjad-3ue3 |
| summary |
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.0 |
| purl |
pkg:pypi/pillow@6.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 7 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 8 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 9 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 10 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 11 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 12 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 13 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 14 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 15 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 16 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 17 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 18 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 19 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 20 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 21 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 22 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 23 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 24 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 25 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 26 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 27 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 28 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 29 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 30 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 31 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 32 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 33 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 34 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 35 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 36 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 37 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.0 |
|
|
| aliases |
CVE-2019-16865, GHSA-j7mj-748x-7p78, PYSEC-2019-110
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vxtq-wjad-3ue3 |
|
| 41 |
| url |
VCID-wfzw-3x26-tucg |
| vulnerability_id |
VCID-wfzw-3x26-tucg |
| summary |
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzw-3x26-tucg |
|
| 42 |
| url |
VCID-whh3-qs36-pqfq |
| vulnerability_id |
VCID-whh3-qs36-pqfq |
| summary |
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4430-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-1 |
|
| 20 |
|
| 21 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.0.0 |
| purl |
pkg:pypi/pillow@7.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 11 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 12 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 13 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 14 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 15 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 16 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 17 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 18 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 19 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 20 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 21 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 22 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 23 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 24 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 25 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 26 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 27 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 28 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 29 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 30 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 31 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 32 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.0.0 |
|
| 1 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 11 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 12 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 13 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 14 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 15 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 16 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 17 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 18 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 19 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 20 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 21 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 22 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 23 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 24 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 25 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 26 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 27 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
CVE-2020-10994, GHSA-vj42-xq3r-hr3r, PYSEC-2020-79
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-whh3-qs36-pqfq |
|
| 43 |
| url |
VCID-wuv4-qn69-zygh |
| vulnerability_id |
VCID-wuv4-qn69-zygh |
| summary |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 4 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 5 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 6 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 7 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 8 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 9 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 10 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 11 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 12 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 13 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 14 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 15 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 16 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 17 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 18 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 19 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
|
| aliases |
CVE-2021-25292, GHSA-9hx2-hgq2-2g4f, PYSEC-2021-38
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wuv4-qn69-zygh |
|
| 44 |
| url |
VCID-wz8g-dfys-mqaw |
| vulnerability_id |
VCID-wz8g-dfys-mqaw |
| summary |
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.5 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
http://www.ubuntu.com/usn/USN-2168-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.5 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2168-1 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.3.1 |
| purl |
pkg:pypi/pillow@2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uv3-mjkz-rkcr |
|
| 1 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 2 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 3 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 4 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 5 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 6 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 7 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 8 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 9 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 10 |
| vulnerability |
VCID-8gxw-hqk5-2uak |
|
| 11 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 12 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 13 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 14 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 15 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 16 |
| vulnerability |
VCID-ctaf-ff57-8yge |
|
| 17 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 18 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 19 |
| vulnerability |
VCID-dm9u-y5aa-bfhc |
|
| 20 |
| vulnerability |
VCID-ew1c-9uyd-hyfa |
|
| 21 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 22 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 23 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 24 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 25 |
| vulnerability |
VCID-hy5d-twhs-e7a3 |
|
| 26 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 27 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 28 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 29 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 30 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 31 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 32 |
| vulnerability |
VCID-q11v-xn32-auch |
|
| 33 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 34 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 35 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 36 |
| vulnerability |
VCID-sgc5-3xgm-tfa1 |
|
| 37 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 38 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 39 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 40 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 41 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 42 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 43 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 44 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 45 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 46 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 47 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.1 |
|
|
| aliases |
CVE-2014-1932, GHSA-x895-2wrm-hvp7, PYSEC-2014-22
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wz8g-dfys-mqaw |
|
| 45 |
| url |
VCID-x3bz-ehvb-jyfs |
| vulnerability_id |
VCID-x3bz-ehvb-jyfs |
| summary |
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x3bz-ehvb-jyfs |
|
| 46 |
| url |
VCID-xbur-n6na-d7g1 |
| vulnerability_id |
VCID-xbur-n6na-d7g1 |
| summary |
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://usn.ubuntu.com/4430-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-1 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 4 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 5 |
| vulnerability |
VCID-7hcs-pkze-6ba4 |
|
| 6 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 7 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 8 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 9 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 10 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 11 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 12 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 13 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 14 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 15 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 16 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 17 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 18 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 19 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 20 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 21 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 22 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 23 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 24 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 25 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 26 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 27 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
CVE-2020-10378, GHSA-3xv8-3j54-hgrp, PYSEC-2020-77
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xbur-n6na-d7g1 |
|
| 47 |
| url |
VCID-xfzk-j8w9-9kh8 |
| vulnerability_id |
VCID-xfzk-j8w9-9kh8 |
| summary |
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/python-imaging/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-imaging/Pillow |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
http://www.ubuntu.com/usn/USN-2168-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2168-1 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.3.1 |
| purl |
pkg:pypi/pillow@2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uv3-mjkz-rkcr |
|
| 1 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 2 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 3 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 4 |
| vulnerability |
VCID-5h45-rcpb-q7bz |
|
| 5 |
| vulnerability |
VCID-612t-dcay-nqgq |
|
| 6 |
| vulnerability |
VCID-6qkd-kgxx-dyeq |
|
| 7 |
| vulnerability |
VCID-7sps-ppua-ubb2 |
|
| 8 |
| vulnerability |
VCID-7v6e-3dxw-aubu |
|
| 9 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 10 |
| vulnerability |
VCID-8gxw-hqk5-2uak |
|
| 11 |
| vulnerability |
VCID-8z6g-5td3-g7ej |
|
| 12 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 13 |
| vulnerability |
VCID-9qm6-cbz9-b7c8 |
|
| 14 |
| vulnerability |
VCID-9v9s-wbu3-cqc7 |
|
| 15 |
| vulnerability |
VCID-cb58-eehb-j7cv |
|
| 16 |
| vulnerability |
VCID-ctaf-ff57-8yge |
|
| 17 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 18 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 19 |
| vulnerability |
VCID-dm9u-y5aa-bfhc |
|
| 20 |
| vulnerability |
VCID-ew1c-9uyd-hyfa |
|
| 21 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 22 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 23 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 24 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 25 |
| vulnerability |
VCID-hy5d-twhs-e7a3 |
|
| 26 |
| vulnerability |
VCID-jtq6-eykc-ykbz |
|
| 27 |
| vulnerability |
VCID-kjxw-f4f4-dydb |
|
| 28 |
| vulnerability |
VCID-mph7-qmm8-1fan |
|
| 29 |
| vulnerability |
VCID-p66f-cwf8-tfdr |
|
| 30 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 31 |
| vulnerability |
VCID-px2q-ph74-1ue6 |
|
| 32 |
| vulnerability |
VCID-q11v-xn32-auch |
|
| 33 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 34 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 35 |
| vulnerability |
VCID-qz6s-pjqj-7uet |
|
| 36 |
| vulnerability |
VCID-sgc5-3xgm-tfa1 |
|
| 37 |
| vulnerability |
VCID-t3rz-wf43-a3bf |
|
| 38 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 39 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 40 |
| vulnerability |
VCID-vxtq-wjad-3ue3 |
|
| 41 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 42 |
| vulnerability |
VCID-whh3-qs36-pqfq |
|
| 43 |
| vulnerability |
VCID-wuv4-qn69-zygh |
|
| 44 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 45 |
| vulnerability |
VCID-xbur-n6na-d7g1 |
|
| 46 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 47 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.1 |
|
|
| aliases |
CVE-2014-1933, GHSA-r854-96gq-rfg3, PYSEC-2014-23
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xfzk-j8w9-9kh8 |
|
| 48 |
| url |
VCID-yk5x-nt2m-5kgy |
| vulnerability_id |
VCID-yk5x-nt2m-5kgy |
| summary |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 4 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 5 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 6 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 7 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 8 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 9 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 10 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 11 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 12 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 13 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 14 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 15 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 16 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 17 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 18 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 19 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 7 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 8 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 9 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yk5x-nt2m-5kgy |
|
| 49 |
| url |
VCID-zsxq-dasb-qyex |
| vulnerability_id |
VCID-zsxq-dasb-qyex |
| summary |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-3gam-zy4w-2ucr |
|
| 2 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 3 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 4 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 5 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 6 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 7 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 8 |
| vulnerability |
VCID-g48w-36yx-tue3 |
|
| 9 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 10 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 11 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 12 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 13 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 14 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 15 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 16 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 17 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 18 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
| 19 |
| vulnerability |
VCID-zsxq-dasb-qyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.1.2 |
| purl |
pkg:pypi/pillow@8.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2gpf-94cu-6fcd |
|
| 1 |
| vulnerability |
VCID-4tub-w66m-uyfu |
|
| 2 |
| vulnerability |
VCID-7ya3-j9fa-zugj |
|
| 3 |
| vulnerability |
VCID-9hza-srk7-sucy |
|
| 4 |
| vulnerability |
VCID-d4dx-wbrv-gqaa |
|
| 5 |
| vulnerability |
VCID-dkcx-xcb8-3fgj |
|
| 6 |
| vulnerability |
VCID-fq9j-ntxd-t3b3 |
|
| 7 |
| vulnerability |
VCID-gve2-x5zh-gqha |
|
| 8 |
| vulnerability |
VCID-htee-x1mv-sfhh |
|
| 9 |
| vulnerability |
VCID-prvn-bejg-kufb |
|
| 10 |
| vulnerability |
VCID-q8fz-36n2-vfh2 |
|
| 11 |
| vulnerability |
VCID-qbfa-rky7-juh5 |
|
| 12 |
| vulnerability |
VCID-tcda-8txy-7ygn |
|
| 13 |
| vulnerability |
VCID-vx7b-mwfx-5fg2 |
|
| 14 |
| vulnerability |
VCID-wfzw-3x26-tucg |
|
| 15 |
| vulnerability |
VCID-x3bz-ehvb-jyfs |
|
| 16 |
| vulnerability |
VCID-yk5x-nt2m-5kgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2 |
|
|
| aliases |
CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zsxq-dasb-qyex |
|