Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pillow@2.5.2
Typepypi
Namespace
Namepillow
Version2.5.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.2.0
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-1uv3-mjkz-rkcr
vulnerability_id VCID-1uv3-mjkz-rkcr
summary Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
references
0
reference_url https://github.com/advisories/GHSA-3c5c-7235-994j
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3c5c-7235-994j
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
4
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst?plain=1#L53
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst?plain=1#L53
5
reference_url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9
6
reference_url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
7
reference_url https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
8
reference_url https://github.com/python-pillow/Pillow/pull/1706
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/1706
9
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201612-52
10
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3499
11
reference_url http://www.openwall.com/lists/oss-security/2016/02/02/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/02/02/5
12
reference_url http://www.openwall.com/lists/oss-security/2016/02/22/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/02/22/2
13
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2533
reference_id CVE-2016-2533
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-2533
15
reference_url http://www.cvedetails.com/cve/CVE-2016-2533/
reference_id CVE-2016-2533
reference_type
scores
url http://www.cvedetails.com/cve/CVE-2016-2533/
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-6qkd-kgxx-dyeq
5
vulnerability VCID-6wqw-esat-2ua2
6
vulnerability VCID-7sps-ppua-ubb2
7
vulnerability VCID-7v6e-3dxw-aubu
8
vulnerability VCID-7ya3-j9fa-zugj
9
vulnerability VCID-8z6g-5td3-g7ej
10
vulnerability VCID-9hza-srk7-sucy
11
vulnerability VCID-9qm6-cbz9-b7c8
12
vulnerability VCID-9v9s-wbu3-cqc7
13
vulnerability VCID-cb58-eehb-j7cv
14
vulnerability VCID-d4dx-wbrv-gqaa
15
vulnerability VCID-dkcx-xcb8-3fgj
16
vulnerability VCID-fq9j-ntxd-t3b3
17
vulnerability VCID-g48w-36yx-tue3
18
vulnerability VCID-gve2-x5zh-gqha
19
vulnerability VCID-htee-x1mv-sfhh
20
vulnerability VCID-jtq6-eykc-ykbz
21
vulnerability VCID-kjxw-f4f4-dydb
22
vulnerability VCID-mph7-qmm8-1fan
23
vulnerability VCID-p66f-cwf8-tfdr
24
vulnerability VCID-prvn-bejg-kufb
25
vulnerability VCID-px2q-ph74-1ue6
26
vulnerability VCID-q8fz-36n2-vfh2
27
vulnerability VCID-qbfa-rky7-juh5
28
vulnerability VCID-qz6s-pjqj-7uet
29
vulnerability VCID-t3rz-wf43-a3bf
30
vulnerability VCID-tcda-8txy-7ygn
31
vulnerability VCID-vx7b-mwfx-5fg2
32
vulnerability VCID-vxtq-wjad-3ue3
33
vulnerability VCID-wfzw-3x26-tucg
34
vulnerability VCID-whh3-qs36-pqfq
35
vulnerability VCID-wuv4-qn69-zygh
36
vulnerability VCID-x3bz-ehvb-jyfs
37
vulnerability VCID-xbur-n6na-d7g1
38
vulnerability VCID-yk5x-nt2m-5kgy
39
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-2533, GHSA-3c5c-7235-994j, PYSEC-2016-19
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uv3-mjkz-rkcr
1
url VCID-2gpf-94cu-6fcd
vulnerability_id VCID-2gpf-94cu-6fcd
summary PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
references
0
reference_url https://github.com/advisories/GHSA-8vj2-vxx3-667w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8vj2-vxx3-667w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
4
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
5
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
8
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
9
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
reference_id CVE-2022-22817
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
1
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-vx7b-mwfx-5fg2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gpf-94cu-6fcd
2
url VCID-3gam-zy4w-2ucr
vulnerability_id VCID-3gam-zy4w-2ucr
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
4
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gam-zy4w-2ucr
3
url VCID-4tub-w66m-uyfu
vulnerability_id VCID-4tub-w66m-uyfu
summary Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
references
0
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9hza-srk7-sucy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases PYSEC-2023-175
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tub-w66m-uyfu
4
url VCID-5h45-rcpb-q7bz
vulnerability_id VCID-5h45-rcpb-q7bz
summary An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
references
0
reference_url https://github.com/advisories/GHSA-57h3-9rgr-c24m
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-57h3-9rgr-c24m
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25289, GHSA-57h3-9rgr-c24m, PYSEC-2021-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5h45-rcpb-q7bz
5
url VCID-6qkd-kgxx-dyeq
vulnerability_id VCID-6qkd-kgxx-dyeq
summary Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
references
0
reference_url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
reference_id
reference_type
scores
url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
1
reference_url https://github.com/advisories/GHSA-rwr3-c2q8-gm56
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-rwr3-c2q8-gm56
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-8.yaml
3
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
4
reference_url https://github.com/python-pillow/Pillow/issues/2105
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/issues/2105
5
reference_url https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
6
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201612-52
7
reference_url http://www.debian.org/security/2016/dsa-3710
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3710
8
reference_url http://www.securityfocus.com/bid/94234
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94234
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9189
reference_id CVE-2016-9189
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-9189
fixed_packages
0
url pkg:pypi/pillow@3.3.2
purl pkg:pypi/pillow@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7sps-ppua-ubb2
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9qm6-cbz9-b7c8
10
vulnerability VCID-9v9s-wbu3-cqc7
11
vulnerability VCID-cb58-eehb-j7cv
12
vulnerability VCID-d4dx-wbrv-gqaa
13
vulnerability VCID-dkcx-xcb8-3fgj
14
vulnerability VCID-fq9j-ntxd-t3b3
15
vulnerability VCID-g48w-36yx-tue3
16
vulnerability VCID-gve2-x5zh-gqha
17
vulnerability VCID-htee-x1mv-sfhh
18
vulnerability VCID-jtq6-eykc-ykbz
19
vulnerability VCID-kjxw-f4f4-dydb
20
vulnerability VCID-mph7-qmm8-1fan
21
vulnerability VCID-p66f-cwf8-tfdr
22
vulnerability VCID-prvn-bejg-kufb
23
vulnerability VCID-q8fz-36n2-vfh2
24
vulnerability VCID-qbfa-rky7-juh5
25
vulnerability VCID-qz6s-pjqj-7uet
26
vulnerability VCID-t3rz-wf43-a3bf
27
vulnerability VCID-tcda-8txy-7ygn
28
vulnerability VCID-vx7b-mwfx-5fg2
29
vulnerability VCID-vxtq-wjad-3ue3
30
vulnerability VCID-wfzw-3x26-tucg
31
vulnerability VCID-whh3-qs36-pqfq
32
vulnerability VCID-wuv4-qn69-zygh
33
vulnerability VCID-x3bz-ehvb-jyfs
34
vulnerability VCID-xbur-n6na-d7g1
35
vulnerability VCID-yk5x-nt2m-5kgy
36
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2
aliases CVE-2016-9189, GHSA-rwr3-c2q8-gm56, PYSEC-2016-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6qkd-kgxx-dyeq
6
url VCID-6wqw-esat-2ua2
vulnerability_id VCID-6wqw-esat-2ua2
summary Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
references
0
reference_url http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html
reference_id
reference_type
scores
url http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1321929
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1321929
2
reference_url http://www.securityfocus.com/bid/98042
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98042
fixed_packages
0
url pkg:pypi/pillow@3.1.2
purl pkg:pypi/pillow@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-6qkd-kgxx-dyeq
5
vulnerability VCID-7sps-ppua-ubb2
6
vulnerability VCID-7v6e-3dxw-aubu
7
vulnerability VCID-7ya3-j9fa-zugj
8
vulnerability VCID-8z6g-5td3-g7ej
9
vulnerability VCID-9hza-srk7-sucy
10
vulnerability VCID-9qm6-cbz9-b7c8
11
vulnerability VCID-9v9s-wbu3-cqc7
12
vulnerability VCID-cb58-eehb-j7cv
13
vulnerability VCID-d4dx-wbrv-gqaa
14
vulnerability VCID-dkcx-xcb8-3fgj
15
vulnerability VCID-fq9j-ntxd-t3b3
16
vulnerability VCID-g48w-36yx-tue3
17
vulnerability VCID-gve2-x5zh-gqha
18
vulnerability VCID-htee-x1mv-sfhh
19
vulnerability VCID-jtq6-eykc-ykbz
20
vulnerability VCID-kjxw-f4f4-dydb
21
vulnerability VCID-mph7-qmm8-1fan
22
vulnerability VCID-p66f-cwf8-tfdr
23
vulnerability VCID-prvn-bejg-kufb
24
vulnerability VCID-px2q-ph74-1ue6
25
vulnerability VCID-q8fz-36n2-vfh2
26
vulnerability VCID-qbfa-rky7-juh5
27
vulnerability VCID-qz6s-pjqj-7uet
28
vulnerability VCID-t3rz-wf43-a3bf
29
vulnerability VCID-tcda-8txy-7ygn
30
vulnerability VCID-vx7b-mwfx-5fg2
31
vulnerability VCID-vxtq-wjad-3ue3
32
vulnerability VCID-wfzw-3x26-tucg
33
vulnerability VCID-whh3-qs36-pqfq
34
vulnerability VCID-wuv4-qn69-zygh
35
vulnerability VCID-x3bz-ehvb-jyfs
36
vulnerability VCID-xbur-n6na-d7g1
37
vulnerability VCID-yk5x-nt2m-5kgy
38
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.2
aliases CVE-2016-3076, PYSEC-2017-92
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wqw-esat-2ua2
7
url VCID-7sps-ppua-ubb2
vulnerability_id VCID-7sps-ppua-ubb2
summary libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
references
0
reference_url https://github.com/advisories/GHSA-vcqg-3p29-xw73
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vcqg-3p29-xw73
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-81.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-81.yaml
2
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-81.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-81.yaml
3
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
4
reference_url https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
10
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1
11
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5310
reference_id CVE-2020-5310
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-5310
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2020-5310, GHSA-vcqg-3p29-xw73, PYSEC-2020-81
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7sps-ppua-ubb2
8
url VCID-7v6e-3dxw-aubu
vulnerability_id VCID-7v6e-3dxw-aubu
summary In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
references
0
reference_url https://github.com/advisories/GHSA-f5g8-5qq7-938w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f5g8-5qq7-938w
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7ya3-j9fa-zugj
5
vulnerability VCID-8z6g-5td3-g7ej
6
vulnerability VCID-9hza-srk7-sucy
7
vulnerability VCID-d4dx-wbrv-gqaa
8
vulnerability VCID-dkcx-xcb8-3fgj
9
vulnerability VCID-fq9j-ntxd-t3b3
10
vulnerability VCID-g48w-36yx-tue3
11
vulnerability VCID-gve2-x5zh-gqha
12
vulnerability VCID-htee-x1mv-sfhh
13
vulnerability VCID-prvn-bejg-kufb
14
vulnerability VCID-q8fz-36n2-vfh2
15
vulnerability VCID-qbfa-rky7-juh5
16
vulnerability VCID-qz6s-pjqj-7uet
17
vulnerability VCID-tcda-8txy-7ygn
18
vulnerability VCID-vx7b-mwfx-5fg2
19
vulnerability VCID-wfzw-3x26-tucg
20
vulnerability VCID-wuv4-qn69-zygh
21
vulnerability VCID-x3bz-ehvb-jyfs
22
vulnerability VCID-yk5x-nt2m-5kgy
23
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases CVE-2020-35653, GHSA-f5g8-5qq7-938w, PYSEC-2021-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v6e-3dxw-aubu
9
url VCID-7ya3-j9fa-zugj
vulnerability_id VCID-7ya3-j9fa-zugj
summary arbitrary code execution
references
0
reference_url https://github.com/advisories/GHSA-7534-mm45-c74v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7534-mm45-c74v
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
4
reference_url https://github.com/python-pillow/Pillow/pull/5567
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5567
5
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://security.archlinux.org/ASA-202107-26
reference_id ASA-202107-26
reference_type
scores
url https://security.archlinux.org/ASA-202107-26
14
reference_url https://security.archlinux.org/AVG-2150
reference_id AVG-2150
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2150
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
reference_id CVE-2021-34552
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
fixed_packages
0
url pkg:pypi/pillow@8.3.0
purl pkg:pypi/pillow@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-9hza-srk7-sucy
3
vulnerability VCID-d4dx-wbrv-gqaa
4
vulnerability VCID-dkcx-xcb8-3fgj
5
vulnerability VCID-q8fz-36n2-vfh2
6
vulnerability VCID-vx7b-mwfx-5fg2
7
vulnerability VCID-wfzw-3x26-tucg
8
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.0
aliases CVE-2021-34552, GHSA-7534-mm45-c74v, PYSEC-2021-331
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ya3-j9fa-zugj
10
url VCID-8gxw-hqk5-2uak
vulnerability_id VCID-8gxw-hqk5-2uak
summary Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
references
0
reference_url https://github.com/advisories/GHSA-hvr8-466p-75rh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hvr8-466p-75rh
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-7.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-7.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
4
reference_url https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
5
reference_url https://github.com/python-pillow/Pillow/pull/1714
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/1714
6
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201612-52
7
reference_url http://www.securityfocus.com/bid/86064
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/86064
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4009
reference_id CVE-2016-4009
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-4009
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-6qkd-kgxx-dyeq
5
vulnerability VCID-6wqw-esat-2ua2
6
vulnerability VCID-7sps-ppua-ubb2
7
vulnerability VCID-7v6e-3dxw-aubu
8
vulnerability VCID-7ya3-j9fa-zugj
9
vulnerability VCID-8z6g-5td3-g7ej
10
vulnerability VCID-9hza-srk7-sucy
11
vulnerability VCID-9qm6-cbz9-b7c8
12
vulnerability VCID-9v9s-wbu3-cqc7
13
vulnerability VCID-cb58-eehb-j7cv
14
vulnerability VCID-d4dx-wbrv-gqaa
15
vulnerability VCID-dkcx-xcb8-3fgj
16
vulnerability VCID-fq9j-ntxd-t3b3
17
vulnerability VCID-g48w-36yx-tue3
18
vulnerability VCID-gve2-x5zh-gqha
19
vulnerability VCID-htee-x1mv-sfhh
20
vulnerability VCID-jtq6-eykc-ykbz
21
vulnerability VCID-kjxw-f4f4-dydb
22
vulnerability VCID-mph7-qmm8-1fan
23
vulnerability VCID-p66f-cwf8-tfdr
24
vulnerability VCID-prvn-bejg-kufb
25
vulnerability VCID-px2q-ph74-1ue6
26
vulnerability VCID-q8fz-36n2-vfh2
27
vulnerability VCID-qbfa-rky7-juh5
28
vulnerability VCID-qz6s-pjqj-7uet
29
vulnerability VCID-t3rz-wf43-a3bf
30
vulnerability VCID-tcda-8txy-7ygn
31
vulnerability VCID-vx7b-mwfx-5fg2
32
vulnerability VCID-vxtq-wjad-3ue3
33
vulnerability VCID-wfzw-3x26-tucg
34
vulnerability VCID-whh3-qs36-pqfq
35
vulnerability VCID-wuv4-qn69-zygh
36
vulnerability VCID-x3bz-ehvb-jyfs
37
vulnerability VCID-xbur-n6na-d7g1
38
vulnerability VCID-yk5x-nt2m-5kgy
39
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-4009, GHSA-hvr8-466p-75rh, PYSEC-2016-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gxw-hqk5-2uak
11
url VCID-8z6g-5td3-g7ej
vulnerability_id VCID-8z6g-5td3-g7ej
summary An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
references
0
reference_url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25293, GHSA-p43w-g3c5-g5mq, PYSEC-2021-39
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8z6g-5td3-g7ej
12
url VCID-9hza-srk7-sucy
vulnerability_id VCID-9hza-srk7-sucy
summary Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
references
0
reference_url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
1
reference_url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
fixed_packages
0
url pkg:pypi/pillow@12.2.0
purl pkg:pypi/pillow@12.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0
aliases CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hza-srk7-sucy
13
url VCID-9qm6-cbz9-b7c8
vulnerability_id VCID-9qm6-cbz9-b7c8
summary There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
references
0
reference_url https://github.com/advisories/GHSA-5gm3-px64-rw72
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5gm3-px64-rw72
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
2
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
3
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
4
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2019-19911, GHSA-5gm3-px64-rw72, PYSEC-2020-172
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qm6-cbz9-b7c8
14
url VCID-9v9s-wbu3-cqc7
vulnerability_id VCID-9v9s-wbu3-cqc7
summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
references
0
reference_url https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
1
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
2
reference_url https://github.com/python-pillow/Pillow/pull/4503
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4503
3
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
4
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
8
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
9
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-d4dx-wbrv-gqaa
10
vulnerability VCID-dkcx-xcb8-3fgj
11
vulnerability VCID-fq9j-ntxd-t3b3
12
vulnerability VCID-g48w-36yx-tue3
13
vulnerability VCID-gve2-x5zh-gqha
14
vulnerability VCID-htee-x1mv-sfhh
15
vulnerability VCID-kjxw-f4f4-dydb
16
vulnerability VCID-prvn-bejg-kufb
17
vulnerability VCID-q8fz-36n2-vfh2
18
vulnerability VCID-qbfa-rky7-juh5
19
vulnerability VCID-qz6s-pjqj-7uet
20
vulnerability VCID-tcda-8txy-7ygn
21
vulnerability VCID-vx7b-mwfx-5fg2
22
vulnerability VCID-wfzw-3x26-tucg
23
vulnerability VCID-wuv4-qn69-zygh
24
vulnerability VCID-x3bz-ehvb-jyfs
25
vulnerability VCID-yk5x-nt2m-5kgy
26
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases CVE-2020-10177, GHSA-cqhg-xjhh-p8hf, PYSEC-2020-76
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v9s-wbu3-cqc7
15
url VCID-cb58-eehb-j7cv
vulnerability_id VCID-cb58-eehb-j7cv
summary libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0580
2
reference_url https://github.com/advisories/GHSA-r7rm-8j6h-r933
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-r7rm-8j6h-r933
3
reference_url https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
7
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
8
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2020-5311, GHSA-r7rm-8j6h-r933, PYSEC-2020-82
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cb58-eehb-j7cv
16
url VCID-ctaf-ff57-8yge
vulnerability_id VCID-ctaf-ff57-8yge
summary Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
2
reference_url http://pillow.readthedocs.org/releasenotes/2.7.0.html
reference_id
reference_type
scores
url http://pillow.readthedocs.org/releasenotes/2.7.0.html
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-16.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-16.yaml
4
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
5
reference_url https://github.com/python-pillow/Pillow/pull/1060
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/1060
6
reference_url https://web.archive.org/web/20200227221255/http://www.securityfocus.com/bid/77758
reference_id
reference_type
scores
url https://web.archive.org/web/20200227221255/http://www.securityfocus.com/bid/77758
7
reference_url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release
8
reference_url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
9
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
10
reference_url http://www.securityfocus.com/bid/77758
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/77758
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9601
reference_id CVE-2014-9601
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-9601
12
reference_url https://github.com/advisories/GHSA-h5rf-vgqx-wjv2
reference_id GHSA-h5rf-vgqx-wjv2
reference_type
scores
url https://github.com/advisories/GHSA-h5rf-vgqx-wjv2
fixed_packages
0
url pkg:pypi/pillow@2.7.0
purl pkg:pypi/pillow@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uv3-mjkz-rkcr
1
vulnerability VCID-2gpf-94cu-6fcd
2
vulnerability VCID-3gam-zy4w-2ucr
3
vulnerability VCID-4tub-w66m-uyfu
4
vulnerability VCID-5h45-rcpb-q7bz
5
vulnerability VCID-6qkd-kgxx-dyeq
6
vulnerability VCID-6wqw-esat-2ua2
7
vulnerability VCID-7sps-ppua-ubb2
8
vulnerability VCID-7v6e-3dxw-aubu
9
vulnerability VCID-7ya3-j9fa-zugj
10
vulnerability VCID-8gxw-hqk5-2uak
11
vulnerability VCID-8z6g-5td3-g7ej
12
vulnerability VCID-9hza-srk7-sucy
13
vulnerability VCID-9qm6-cbz9-b7c8
14
vulnerability VCID-9v9s-wbu3-cqc7
15
vulnerability VCID-cb58-eehb-j7cv
16
vulnerability VCID-d4dx-wbrv-gqaa
17
vulnerability VCID-dkcx-xcb8-3fgj
18
vulnerability VCID-fq9j-ntxd-t3b3
19
vulnerability VCID-g48w-36yx-tue3
20
vulnerability VCID-gve2-x5zh-gqha
21
vulnerability VCID-htee-x1mv-sfhh
22
vulnerability VCID-hy5d-twhs-e7a3
23
vulnerability VCID-jtq6-eykc-ykbz
24
vulnerability VCID-kjxw-f4f4-dydb
25
vulnerability VCID-mph7-qmm8-1fan
26
vulnerability VCID-p66f-cwf8-tfdr
27
vulnerability VCID-prvn-bejg-kufb
28
vulnerability VCID-px2q-ph74-1ue6
29
vulnerability VCID-q11v-xn32-auch
30
vulnerability VCID-q8fz-36n2-vfh2
31
vulnerability VCID-qbfa-rky7-juh5
32
vulnerability VCID-qz6s-pjqj-7uet
33
vulnerability VCID-t3rz-wf43-a3bf
34
vulnerability VCID-tcda-8txy-7ygn
35
vulnerability VCID-vx7b-mwfx-5fg2
36
vulnerability VCID-vxtq-wjad-3ue3
37
vulnerability VCID-wfzw-3x26-tucg
38
vulnerability VCID-whh3-qs36-pqfq
39
vulnerability VCID-wuv4-qn69-zygh
40
vulnerability VCID-x3bz-ehvb-jyfs
41
vulnerability VCID-xbur-n6na-d7g1
42
vulnerability VCID-yk5x-nt2m-5kgy
43
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.7.0
aliases CVE-2014-9601, GHSA-h5rf-vgqx-wjv2, PYSEC-2015-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctaf-ff57-8yge
17
url VCID-d4dx-wbrv-gqaa
vulnerability_id VCID-d4dx-wbrv-gqaa
summary path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
references
0
reference_url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
4
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
5
reference_url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
6
reference_url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
7
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5920
8
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
10
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
reference_id CVE-2022-22815
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases CVE-2022-22815, GHSA-pw3c-h7wp-cvhx, PYSEC-2022-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4dx-wbrv-gqaa
18
url VCID-dkcx-xcb8-3fgj
vulnerability_id VCID-dkcx-xcb8-3fgj
summary The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
references
0
reference_url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
4
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
10
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
11
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
reference_id
reference_type
scores
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
reference_id CVE-2021-23437
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
fixed_packages
0
url pkg:pypi/pillow@8.3.2
purl pkg:pypi/pillow@8.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-9hza-srk7-sucy
3
vulnerability VCID-d4dx-wbrv-gqaa
4
vulnerability VCID-q8fz-36n2-vfh2
5
vulnerability VCID-vx7b-mwfx-5fg2
6
vulnerability VCID-wfzw-3x26-tucg
7
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2
aliases CVE-2021-23437, GHSA-98vv-pw6r-q6q4, PYSEC-2021-317, SNYK-PYTHON-PILLOW-1319443
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dkcx-xcb8-3fgj
19
url VCID-ew1c-9uyd-hyfa
vulnerability_id VCID-ew1c-9uyd-hyfa
summary The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-15.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-15.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/347a1d8d956f9e64af4463ee25311b60cdd5657d
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/347a1d8d956f9e64af4463ee25311b60cdd5657d
4
reference_url https://pypi.python.org/pypi/Pillow/2.5.3
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Pillow/2.5.3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3598
reference_id CVE-2014-3598
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-3598
6
reference_url https://github.com/advisories/GHSA-j6f7-g425-4gmx
reference_id GHSA-j6f7-g425-4gmx
reference_type
scores
url https://github.com/advisories/GHSA-j6f7-g425-4gmx
fixed_packages
0
url pkg:pypi/pillow@2.5.3
purl pkg:pypi/pillow@2.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uv3-mjkz-rkcr
1
vulnerability VCID-2gpf-94cu-6fcd
2
vulnerability VCID-3gam-zy4w-2ucr
3
vulnerability VCID-4tub-w66m-uyfu
4
vulnerability VCID-5h45-rcpb-q7bz
5
vulnerability VCID-6qkd-kgxx-dyeq
6
vulnerability VCID-6wqw-esat-2ua2
7
vulnerability VCID-7sps-ppua-ubb2
8
vulnerability VCID-7v6e-3dxw-aubu
9
vulnerability VCID-7ya3-j9fa-zugj
10
vulnerability VCID-8gxw-hqk5-2uak
11
vulnerability VCID-8z6g-5td3-g7ej
12
vulnerability VCID-9hza-srk7-sucy
13
vulnerability VCID-9qm6-cbz9-b7c8
14
vulnerability VCID-9v9s-wbu3-cqc7
15
vulnerability VCID-cb58-eehb-j7cv
16
vulnerability VCID-ctaf-ff57-8yge
17
vulnerability VCID-d4dx-wbrv-gqaa
18
vulnerability VCID-dkcx-xcb8-3fgj
19
vulnerability VCID-fq9j-ntxd-t3b3
20
vulnerability VCID-g48w-36yx-tue3
21
vulnerability VCID-gve2-x5zh-gqha
22
vulnerability VCID-htee-x1mv-sfhh
23
vulnerability VCID-hy5d-twhs-e7a3
24
vulnerability VCID-jtq6-eykc-ykbz
25
vulnerability VCID-kjxw-f4f4-dydb
26
vulnerability VCID-mph7-qmm8-1fan
27
vulnerability VCID-p66f-cwf8-tfdr
28
vulnerability VCID-prvn-bejg-kufb
29
vulnerability VCID-px2q-ph74-1ue6
30
vulnerability VCID-q11v-xn32-auch
31
vulnerability VCID-q8fz-36n2-vfh2
32
vulnerability VCID-qbfa-rky7-juh5
33
vulnerability VCID-qz6s-pjqj-7uet
34
vulnerability VCID-t3rz-wf43-a3bf
35
vulnerability VCID-tcda-8txy-7ygn
36
vulnerability VCID-vx7b-mwfx-5fg2
37
vulnerability VCID-vxtq-wjad-3ue3
38
vulnerability VCID-wfzw-3x26-tucg
39
vulnerability VCID-whh3-qs36-pqfq
40
vulnerability VCID-wuv4-qn69-zygh
41
vulnerability VCID-x3bz-ehvb-jyfs
42
vulnerability VCID-xbur-n6na-d7g1
43
vulnerability VCID-yk5x-nt2m-5kgy
44
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.3
aliases CVE-2014-3598, GHSA-j6f7-g425-4gmx, PYSEC-2015-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ew1c-9uyd-hyfa
20
url VCID-fq9j-ntxd-t3b3
vulnerability_id VCID-fq9j-ntxd-t3b3
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
references
0
reference_url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
1
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-25287, GHSA-77gc-v2xv-rvvh, PYSEC-2021-137
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fq9j-ntxd-t3b3
21
url VCID-g48w-36yx-tue3
vulnerability_id VCID-g48w-36yx-tue3
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
4
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g48w-36yx-tue3
22
url VCID-gve2-x5zh-gqha
vulnerability_id VCID-gve2-x5zh-gqha
summary An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
references
0
reference_url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
2
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28675, GHSA-g6rj-rv7j-xwp4, PYSEC-2021-139
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gve2-x5zh-gqha
23
url VCID-htee-x1mv-sfhh
vulnerability_id VCID-htee-x1mv-sfhh
summary An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
references
0
reference_url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
1
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28677, GHSA-q5hq-fp76-qmrc, PYSEC-2021-93
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htee-x1mv-sfhh
24
url VCID-hy5d-twhs-e7a3
vulnerability_id VCID-hy5d-twhs-e7a3
summary Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
references
0
reference_url https://github.com/advisories/GHSA-hggx-3h72-49ww
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hggx-3h72-49ww
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-5.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-5.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
4
reference_url https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
5
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201612-52
6
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3499
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0740
reference_id CVE-2016-0740
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-0740
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-6qkd-kgxx-dyeq
5
vulnerability VCID-6wqw-esat-2ua2
6
vulnerability VCID-7sps-ppua-ubb2
7
vulnerability VCID-7v6e-3dxw-aubu
8
vulnerability VCID-7ya3-j9fa-zugj
9
vulnerability VCID-8z6g-5td3-g7ej
10
vulnerability VCID-9hza-srk7-sucy
11
vulnerability VCID-9qm6-cbz9-b7c8
12
vulnerability VCID-9v9s-wbu3-cqc7
13
vulnerability VCID-cb58-eehb-j7cv
14
vulnerability VCID-d4dx-wbrv-gqaa
15
vulnerability VCID-dkcx-xcb8-3fgj
16
vulnerability VCID-fq9j-ntxd-t3b3
17
vulnerability VCID-g48w-36yx-tue3
18
vulnerability VCID-gve2-x5zh-gqha
19
vulnerability VCID-htee-x1mv-sfhh
20
vulnerability VCID-jtq6-eykc-ykbz
21
vulnerability VCID-kjxw-f4f4-dydb
22
vulnerability VCID-mph7-qmm8-1fan
23
vulnerability VCID-p66f-cwf8-tfdr
24
vulnerability VCID-prvn-bejg-kufb
25
vulnerability VCID-px2q-ph74-1ue6
26
vulnerability VCID-q8fz-36n2-vfh2
27
vulnerability VCID-qbfa-rky7-juh5
28
vulnerability VCID-qz6s-pjqj-7uet
29
vulnerability VCID-t3rz-wf43-a3bf
30
vulnerability VCID-tcda-8txy-7ygn
31
vulnerability VCID-vx7b-mwfx-5fg2
32
vulnerability VCID-vxtq-wjad-3ue3
33
vulnerability VCID-wfzw-3x26-tucg
34
vulnerability VCID-whh3-qs36-pqfq
35
vulnerability VCID-wuv4-qn69-zygh
36
vulnerability VCID-x3bz-ehvb-jyfs
37
vulnerability VCID-xbur-n6na-d7g1
38
vulnerability VCID-yk5x-nt2m-5kgy
39
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-0740, GHSA-hggx-3h72-49ww, PYSEC-2016-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hy5d-twhs-e7a3
25
url VCID-jtq6-eykc-ykbz
vulnerability_id VCID-jtq6-eykc-ykbz
summary In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
references
0
reference_url https://github.com/advisories/GHSA-8843-m7mw-mxqm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8843-m7mw-mxqm
1
reference_url https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
2
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
3
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
7
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-d4dx-wbrv-gqaa
10
vulnerability VCID-dkcx-xcb8-3fgj
11
vulnerability VCID-fq9j-ntxd-t3b3
12
vulnerability VCID-g48w-36yx-tue3
13
vulnerability VCID-gve2-x5zh-gqha
14
vulnerability VCID-htee-x1mv-sfhh
15
vulnerability VCID-kjxw-f4f4-dydb
16
vulnerability VCID-prvn-bejg-kufb
17
vulnerability VCID-q8fz-36n2-vfh2
18
vulnerability VCID-qbfa-rky7-juh5
19
vulnerability VCID-qz6s-pjqj-7uet
20
vulnerability VCID-tcda-8txy-7ygn
21
vulnerability VCID-vx7b-mwfx-5fg2
22
vulnerability VCID-wfzw-3x26-tucg
23
vulnerability VCID-wuv4-qn69-zygh
24
vulnerability VCID-x3bz-ehvb-jyfs
25
vulnerability VCID-yk5x-nt2m-5kgy
26
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases CVE-2020-10379, GHSA-8843-m7mw-mxqm, PYSEC-2020-78
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jtq6-eykc-ykbz
26
url VCID-kjxw-f4f4-dydb
vulnerability_id VCID-kjxw-f4f4-dydb
summary In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
references
0
reference_url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
5
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7ya3-j9fa-zugj
5
vulnerability VCID-8z6g-5td3-g7ej
6
vulnerability VCID-9hza-srk7-sucy
7
vulnerability VCID-d4dx-wbrv-gqaa
8
vulnerability VCID-dkcx-xcb8-3fgj
9
vulnerability VCID-fq9j-ntxd-t3b3
10
vulnerability VCID-g48w-36yx-tue3
11
vulnerability VCID-gve2-x5zh-gqha
12
vulnerability VCID-htee-x1mv-sfhh
13
vulnerability VCID-prvn-bejg-kufb
14
vulnerability VCID-q8fz-36n2-vfh2
15
vulnerability VCID-qbfa-rky7-juh5
16
vulnerability VCID-qz6s-pjqj-7uet
17
vulnerability VCID-tcda-8txy-7ygn
18
vulnerability VCID-vx7b-mwfx-5fg2
19
vulnerability VCID-wfzw-3x26-tucg
20
vulnerability VCID-wuv4-qn69-zygh
21
vulnerability VCID-x3bz-ehvb-jyfs
22
vulnerability VCID-yk5x-nt2m-5kgy
23
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases CVE-2020-35654, GHSA-vqcj-wrf2-7v73, PYSEC-2021-70
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjxw-f4f4-dydb
27
url VCID-mph7-qmm8-1fan
vulnerability_id VCID-mph7-qmm8-1fan
summary libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
references
0
reference_url https://github.com/advisories/GHSA-hj69-c76v-86wr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hj69-c76v-86wr
1
reference_url https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
4
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
5
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
6
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2020-5313, GHSA-hj69-c76v-86wr, PYSEC-2020-84
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mph7-qmm8-1fan
28
url VCID-p66f-cwf8-tfdr
vulnerability_id VCID-p66f-cwf8-tfdr
summary libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://github.com/advisories/GHSA-p49h-hjvm-jg3h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p49h-hjvm-jg3h
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-83.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-83.yaml
8
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-83.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-83.yaml
9
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
10
reference_url https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
16
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1
17
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
18
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5312
reference_id CVE-2020-5312
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-5312
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-whh3-qs36-pqfq
27
vulnerability VCID-wuv4-qn69-zygh
28
vulnerability VCID-x3bz-ehvb-jyfs
29
vulnerability VCID-xbur-n6na-d7g1
30
vulnerability VCID-yk5x-nt2m-5kgy
31
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2020-5312, GHSA-p49h-hjvm-jg3h, PYSEC-2020-83
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p66f-cwf8-tfdr
29
url VCID-prvn-bejg-kufb
vulnerability_id VCID-prvn-bejg-kufb
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
references
0
reference_url https://github.com/advisories/GHSA-rwv7-3v45-hg29
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-rwv7-3v45-hg29
1
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-25288, GHSA-rwv7-3v45-hg29, PYSEC-2021-138
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prvn-bejg-kufb
30
url VCID-px2q-ph74-1ue6
vulnerability_id VCID-px2q-ph74-1ue6
summary Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
references
0
reference_url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
reference_id
reference_type
scores
url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
1
reference_url https://github.com/advisories/GHSA-w4vg-rf63-f3j3
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-w4vg-rf63-f3j3
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-9.yaml
3
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
4
reference_url https://github.com/python-pillow/Pillow/issues/2105
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/issues/2105
5
reference_url https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
6
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201612-52
7
reference_url http://www.debian.org/security/2016/dsa-3710
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3710
8
reference_url http://www.securityfocus.com/bid/94234
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94234
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9190
reference_id CVE-2016-9190
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-9190
fixed_packages
0
url pkg:pypi/pillow@3.3.2
purl pkg:pypi/pillow@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7sps-ppua-ubb2
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9qm6-cbz9-b7c8
10
vulnerability VCID-9v9s-wbu3-cqc7
11
vulnerability VCID-cb58-eehb-j7cv
12
vulnerability VCID-d4dx-wbrv-gqaa
13
vulnerability VCID-dkcx-xcb8-3fgj
14
vulnerability VCID-fq9j-ntxd-t3b3
15
vulnerability VCID-g48w-36yx-tue3
16
vulnerability VCID-gve2-x5zh-gqha
17
vulnerability VCID-htee-x1mv-sfhh
18
vulnerability VCID-jtq6-eykc-ykbz
19
vulnerability VCID-kjxw-f4f4-dydb
20
vulnerability VCID-mph7-qmm8-1fan
21
vulnerability VCID-p66f-cwf8-tfdr
22
vulnerability VCID-prvn-bejg-kufb
23
vulnerability VCID-q8fz-36n2-vfh2
24
vulnerability VCID-qbfa-rky7-juh5
25
vulnerability VCID-qz6s-pjqj-7uet
26
vulnerability VCID-t3rz-wf43-a3bf
27
vulnerability VCID-tcda-8txy-7ygn
28
vulnerability VCID-vx7b-mwfx-5fg2
29
vulnerability VCID-vxtq-wjad-3ue3
30
vulnerability VCID-wfzw-3x26-tucg
31
vulnerability VCID-whh3-qs36-pqfq
32
vulnerability VCID-wuv4-qn69-zygh
33
vulnerability VCID-x3bz-ehvb-jyfs
34
vulnerability VCID-xbur-n6na-d7g1
35
vulnerability VCID-yk5x-nt2m-5kgy
36
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2
aliases CVE-2016-9190, GHSA-w4vg-rf63-f3j3, PYSEC-2016-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-px2q-ph74-1ue6
31
url VCID-q11v-xn32-auch
vulnerability_id VCID-q11v-xn32-auch
summary Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
references
0
reference_url https://github.com/advisories/GHSA-8xjv-v9xq-m5h9
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8xjv-v9xq-m5h9
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
4
reference_url https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b
5
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201612-52
6
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3499
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0775
reference_id CVE-2016-0775
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-0775
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-6qkd-kgxx-dyeq
5
vulnerability VCID-6wqw-esat-2ua2
6
vulnerability VCID-7sps-ppua-ubb2
7
vulnerability VCID-7v6e-3dxw-aubu
8
vulnerability VCID-7ya3-j9fa-zugj
9
vulnerability VCID-8z6g-5td3-g7ej
10
vulnerability VCID-9hza-srk7-sucy
11
vulnerability VCID-9qm6-cbz9-b7c8
12
vulnerability VCID-9v9s-wbu3-cqc7
13
vulnerability VCID-cb58-eehb-j7cv
14
vulnerability VCID-d4dx-wbrv-gqaa
15
vulnerability VCID-dkcx-xcb8-3fgj
16
vulnerability VCID-fq9j-ntxd-t3b3
17
vulnerability VCID-g48w-36yx-tue3
18
vulnerability VCID-gve2-x5zh-gqha
19
vulnerability VCID-htee-x1mv-sfhh
20
vulnerability VCID-jtq6-eykc-ykbz
21
vulnerability VCID-kjxw-f4f4-dydb
22
vulnerability VCID-mph7-qmm8-1fan
23
vulnerability VCID-p66f-cwf8-tfdr
24
vulnerability VCID-prvn-bejg-kufb
25
vulnerability VCID-px2q-ph74-1ue6
26
vulnerability VCID-q8fz-36n2-vfh2
27
vulnerability VCID-qbfa-rky7-juh5
28
vulnerability VCID-qz6s-pjqj-7uet
29
vulnerability VCID-t3rz-wf43-a3bf
30
vulnerability VCID-tcda-8txy-7ygn
31
vulnerability VCID-vx7b-mwfx-5fg2
32
vulnerability VCID-vxtq-wjad-3ue3
33
vulnerability VCID-wfzw-3x26-tucg
34
vulnerability VCID-whh3-qs36-pqfq
35
vulnerability VCID-wuv4-qn69-zygh
36
vulnerability VCID-x3bz-ehvb-jyfs
37
vulnerability VCID-xbur-n6na-d7g1
38
vulnerability VCID-yk5x-nt2m-5kgy
39
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-0775, GHSA-8xjv-v9xq-m5h9, PYSEC-2016-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q11v-xn32-auch
32
url VCID-q8fz-36n2-vfh2
vulnerability_id VCID-q8fz-36n2-vfh2
summary Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
references
0
reference_url https://github.com/advisories/GHSA-9j59-75qj-795w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-9j59-75qj-795w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
4
reference_url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
5
reference_url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
6
reference_url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
7
reference_url https://github.com/python-pillow/Pillow/pull/3450
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/3450
8
reference_url https://github.com/python-pillow/Pillow/pull/6010
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/6010
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
reference_id CVE-2022-24303
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
fixed_packages
0
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-vx7b-mwfx-5fg2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8fz-36n2-vfh2
33
url VCID-qbfa-rky7-juh5
vulnerability_id VCID-qbfa-rky7-juh5
summary An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
references
0
reference_url https://github.com/advisories/GHSA-7r7m-5h27-29hp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7r7m-5h27-29hp
1
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28676, GHSA-7r7m-5h27-29hp, PYSEC-2021-92
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbfa-rky7-juh5
34
url VCID-qz6s-pjqj-7uet
vulnerability_id VCID-qz6s-pjqj-7uet
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
references
0
reference_url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25290, GHSA-8xjq-8fcg-g5hw, PYSEC-2021-36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qz6s-pjqj-7uet
35
url VCID-t3rz-wf43-a3bf
vulnerability_id VCID-t3rz-wf43-a3bf
summary In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
references
0
reference_url https://github.com/advisories/GHSA-43fq-w8qq-v88h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-43fq-w8qq-v88h
1
reference_url https://github.com/python-pillow/Pillow/pull/4504
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4504
2
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
5
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
7
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
8
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-d4dx-wbrv-gqaa
10
vulnerability VCID-dkcx-xcb8-3fgj
11
vulnerability VCID-fq9j-ntxd-t3b3
12
vulnerability VCID-g48w-36yx-tue3
13
vulnerability VCID-gve2-x5zh-gqha
14
vulnerability VCID-htee-x1mv-sfhh
15
vulnerability VCID-kjxw-f4f4-dydb
16
vulnerability VCID-prvn-bejg-kufb
17
vulnerability VCID-q8fz-36n2-vfh2
18
vulnerability VCID-qbfa-rky7-juh5
19
vulnerability VCID-qz6s-pjqj-7uet
20
vulnerability VCID-tcda-8txy-7ygn
21
vulnerability VCID-vx7b-mwfx-5fg2
22
vulnerability VCID-wfzw-3x26-tucg
23
vulnerability VCID-wuv4-qn69-zygh
24
vulnerability VCID-x3bz-ehvb-jyfs
25
vulnerability VCID-yk5x-nt2m-5kgy
26
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases CVE-2020-11538, GHSA-43fq-w8qq-v88h, PYSEC-2020-80
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t3rz-wf43-a3bf
36
url VCID-tcda-8txy-7ygn
vulnerability_id VCID-tcda-8txy-7ygn
summary An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
references
0
reference_url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
1
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5377
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
3
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-q8fz-36n2-vfh2
7
vulnerability VCID-vx7b-mwfx-5fg2
8
vulnerability VCID-wfzw-3x26-tucg
9
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases CVE-2021-28678, GHSA-hjfx-8p6c-g7gx, PYSEC-2021-94
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcda-8txy-7ygn
37
url VCID-vx7b-mwfx-5fg2
vulnerability_id VCID-vx7b-mwfx-5fg2
summary Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
references
0
reference_url https://bugs.gentoo.org/855683
reference_id
reference_type
scores
url https://bugs.gentoo.org/855683
1
reference_url https://cwe.mitre.org/data/definitions/409.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/409.html
2
reference_url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
3
reference_url https://github.com/python-pillow/Pillow/pull/6402
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/6402
4
reference_url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
fixed_packages
0
url pkg:pypi/pillow@9.2.0
purl pkg:pypi/pillow@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q325-dhha-83b2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0
aliases CVE-2022-45198, PYSEC-2022-42979
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx7b-mwfx-5fg2
38
url VCID-vxtq-wjad-3ue3
vulnerability_id VCID-vxtq-wjad-3ue3
summary An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://github.com/advisories/GHSA-j7mj-748x-7p78
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-j7mj-748x-7p78
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
9
reference_url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
10
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
11
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.0
purl pkg:pypi/pillow@6.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7sps-ppua-ubb2
6
vulnerability VCID-7v6e-3dxw-aubu
7
vulnerability VCID-7ya3-j9fa-zugj
8
vulnerability VCID-8z6g-5td3-g7ej
9
vulnerability VCID-9hza-srk7-sucy
10
vulnerability VCID-9qm6-cbz9-b7c8
11
vulnerability VCID-9v9s-wbu3-cqc7
12
vulnerability VCID-cb58-eehb-j7cv
13
vulnerability VCID-d4dx-wbrv-gqaa
14
vulnerability VCID-dkcx-xcb8-3fgj
15
vulnerability VCID-fq9j-ntxd-t3b3
16
vulnerability VCID-g48w-36yx-tue3
17
vulnerability VCID-gve2-x5zh-gqha
18
vulnerability VCID-htee-x1mv-sfhh
19
vulnerability VCID-jtq6-eykc-ykbz
20
vulnerability VCID-kjxw-f4f4-dydb
21
vulnerability VCID-mph7-qmm8-1fan
22
vulnerability VCID-p66f-cwf8-tfdr
23
vulnerability VCID-prvn-bejg-kufb
24
vulnerability VCID-q8fz-36n2-vfh2
25
vulnerability VCID-qbfa-rky7-juh5
26
vulnerability VCID-qz6s-pjqj-7uet
27
vulnerability VCID-t3rz-wf43-a3bf
28
vulnerability VCID-tcda-8txy-7ygn
29
vulnerability VCID-vx7b-mwfx-5fg2
30
vulnerability VCID-wfzw-3x26-tucg
31
vulnerability VCID-whh3-qs36-pqfq
32
vulnerability VCID-wuv4-qn69-zygh
33
vulnerability VCID-x3bz-ehvb-jyfs
34
vulnerability VCID-xbur-n6na-d7g1
35
vulnerability VCID-yk5x-nt2m-5kgy
36
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.0
aliases CVE-2019-16865, GHSA-j7mj-748x-7p78, PYSEC-2019-110
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxtq-wjad-3ue3
39
url VCID-wfzw-3x26-tucg
vulnerability_id VCID-wfzw-3x26-tucg
summary path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
references
0
reference_url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
4
reference_url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
5
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5920
6
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
8
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
9
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
reference_id CVE-2022-22816
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzw-3x26-tucg
40
url VCID-whh3-qs36-pqfq
vulnerability_id VCID-whh3-qs36-pqfq
summary In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
references
0
reference_url https://github.com/advisories/GHSA-vj42-xq3r-hr3r
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vj42-xq3r-hr3r
1
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
2
reference_url https://github.com/python-pillow/Pillow/pull/4505
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4505
3
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
8
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
9
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
fixed_packages
0
url pkg:pypi/pillow@7.0.0
purl pkg:pypi/pillow@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-9v9s-wbu3-cqc7
10
vulnerability VCID-d4dx-wbrv-gqaa
11
vulnerability VCID-dkcx-xcb8-3fgj
12
vulnerability VCID-fq9j-ntxd-t3b3
13
vulnerability VCID-g48w-36yx-tue3
14
vulnerability VCID-gve2-x5zh-gqha
15
vulnerability VCID-htee-x1mv-sfhh
16
vulnerability VCID-jtq6-eykc-ykbz
17
vulnerability VCID-kjxw-f4f4-dydb
18
vulnerability VCID-prvn-bejg-kufb
19
vulnerability VCID-q8fz-36n2-vfh2
20
vulnerability VCID-qbfa-rky7-juh5
21
vulnerability VCID-qz6s-pjqj-7uet
22
vulnerability VCID-t3rz-wf43-a3bf
23
vulnerability VCID-tcda-8txy-7ygn
24
vulnerability VCID-vx7b-mwfx-5fg2
25
vulnerability VCID-wfzw-3x26-tucg
26
vulnerability VCID-wuv4-qn69-zygh
27
vulnerability VCID-x3bz-ehvb-jyfs
28
vulnerability VCID-xbur-n6na-d7g1
29
vulnerability VCID-yk5x-nt2m-5kgy
30
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.0.0
aliases CVE-2020-10994, GHSA-vj42-xq3r-hr3r, PYSEC-2020-79
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whh3-qs36-pqfq
41
url VCID-wuv4-qn69-zygh
vulnerability_id VCID-wuv4-qn69-zygh
summary An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
references
0
reference_url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25292, GHSA-9hx2-hgq2-2g4f, PYSEC-2021-38
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuv4-qn69-zygh
42
url VCID-x3bz-ehvb-jyfs
vulnerability_id VCID-x3bz-ehvb-jyfs
summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
references
0
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
reference_id
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
4
reference_url https://github.com/python-pillow/Pillow/pull/7244
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/7244
5
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
7
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
9
reference_url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
reference_id GHSA-8ghj-p4vj-mr35
reference_type
scores
url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
fixed_packages
0
url pkg:pypi/pillow@10.0.0
purl pkg:pypi/pillow@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0
aliases CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3bz-ehvb-jyfs
43
url VCID-xbur-n6na-d7g1
vulnerability_id VCID-xbur-n6na-d7g1
summary In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
references
0
reference_url https://github.com/advisories/GHSA-3xv8-3j54-hgrp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3xv8-3j54-hgrp
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-77.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-77.yaml
2
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml
3
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
4
reference_url https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2
5
reference_url https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
6
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
7
reference_url https://github.com/python-pillow/Pillow/issues/4750
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/issues/4750
8
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/4538
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
15
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1
16
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
17
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2
18
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10378
reference_id CVE-2020-10378
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-10378
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-3gam-zy4w-2ucr
2
vulnerability VCID-4tub-w66m-uyfu
3
vulnerability VCID-5h45-rcpb-q7bz
4
vulnerability VCID-7hcs-pkze-6ba4
5
vulnerability VCID-7v6e-3dxw-aubu
6
vulnerability VCID-7ya3-j9fa-zugj
7
vulnerability VCID-8z6g-5td3-g7ej
8
vulnerability VCID-9hza-srk7-sucy
9
vulnerability VCID-d4dx-wbrv-gqaa
10
vulnerability VCID-dkcx-xcb8-3fgj
11
vulnerability VCID-fq9j-ntxd-t3b3
12
vulnerability VCID-g48w-36yx-tue3
13
vulnerability VCID-gve2-x5zh-gqha
14
vulnerability VCID-htee-x1mv-sfhh
15
vulnerability VCID-kjxw-f4f4-dydb
16
vulnerability VCID-prvn-bejg-kufb
17
vulnerability VCID-q8fz-36n2-vfh2
18
vulnerability VCID-qbfa-rky7-juh5
19
vulnerability VCID-qz6s-pjqj-7uet
20
vulnerability VCID-tcda-8txy-7ygn
21
vulnerability VCID-vx7b-mwfx-5fg2
22
vulnerability VCID-wfzw-3x26-tucg
23
vulnerability VCID-wuv4-qn69-zygh
24
vulnerability VCID-x3bz-ehvb-jyfs
25
vulnerability VCID-yk5x-nt2m-5kgy
26
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases CVE-2020-10378, GHSA-3xv8-3j54-hgrp, PYSEC-2020-77
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbur-n6na-d7g1
44
url VCID-yk5x-nt2m-5kgy
vulnerability_id VCID-yk5x-nt2m-5kgy
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
references
0
reference_url https://github.com/advisories/GHSA-mvg9-xffr-p774
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-mvg9-xffr-p774
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yk5x-nt2m-5kgy
45
url VCID-zsxq-dasb-qyex
vulnerability_id VCID-zsxq-dasb-qyex
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
4
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-7ya3-j9fa-zugj
3
vulnerability VCID-9hza-srk7-sucy
4
vulnerability VCID-d4dx-wbrv-gqaa
5
vulnerability VCID-dkcx-xcb8-3fgj
6
vulnerability VCID-fq9j-ntxd-t3b3
7
vulnerability VCID-gve2-x5zh-gqha
8
vulnerability VCID-htee-x1mv-sfhh
9
vulnerability VCID-prvn-bejg-kufb
10
vulnerability VCID-q8fz-36n2-vfh2
11
vulnerability VCID-qbfa-rky7-juh5
12
vulnerability VCID-tcda-8txy-7ygn
13
vulnerability VCID-vx7b-mwfx-5fg2
14
vulnerability VCID-wfzw-3x26-tucg
15
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zsxq-dasb-qyex
Fixing_vulnerabilities
0
url VCID-dm9u-y5aa-bfhc
vulnerability_id VCID-dm9u-y5aa-bfhc
summary PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
1
reference_url http://osvdb.org/show/osvdb/110128
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/110128
2
reference_url http://seclists.org/bugtraq/2014/Sep/25
reference_id
reference_type
scores
url http://seclists.org/bugtraq/2014/Sep/25
3
reference_url http://secunia.com/advisories/59825
reference_id
reference_type
scores
url http://secunia.com/advisories/59825
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
5
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
6
reference_url https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
7
reference_url https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
8
reference_url https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
9
reference_url https://pypi.python.org/pypi/Pillow/2.3.2
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Pillow/2.3.2
10
reference_url https://pypi.python.org/pypi/Pillow/2.5.2
reference_id
reference_type
scores
url https://pypi.python.org/pypi/Pillow/2.5.2
11
reference_url http://www.debian.org/security/2014/dsa-3009
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-3009
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3589
reference_id CVE-2014-3589
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-3589
13
reference_url https://github.com/advisories/GHSA-cfmr-38g9-f2h7
reference_id GHSA-cfmr-38g9-f2h7
reference_type
scores
url https://github.com/advisories/GHSA-cfmr-38g9-f2h7
fixed_packages
0
url pkg:pypi/pillow@2.3.2
purl pkg:pypi/pillow@2.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uv3-mjkz-rkcr
1
vulnerability VCID-2gpf-94cu-6fcd
2
vulnerability VCID-3gam-zy4w-2ucr
3
vulnerability VCID-4tub-w66m-uyfu
4
vulnerability VCID-5h45-rcpb-q7bz
5
vulnerability VCID-6qkd-kgxx-dyeq
6
vulnerability VCID-7sps-ppua-ubb2
7
vulnerability VCID-7v6e-3dxw-aubu
8
vulnerability VCID-7ya3-j9fa-zugj
9
vulnerability VCID-8gxw-hqk5-2uak
10
vulnerability VCID-8z6g-5td3-g7ej
11
vulnerability VCID-9hza-srk7-sucy
12
vulnerability VCID-9qm6-cbz9-b7c8
13
vulnerability VCID-9v9s-wbu3-cqc7
14
vulnerability VCID-cb58-eehb-j7cv
15
vulnerability VCID-ctaf-ff57-8yge
16
vulnerability VCID-d4dx-wbrv-gqaa
17
vulnerability VCID-dkcx-xcb8-3fgj
18
vulnerability VCID-ew1c-9uyd-hyfa
19
vulnerability VCID-fq9j-ntxd-t3b3
20
vulnerability VCID-g48w-36yx-tue3
21
vulnerability VCID-gve2-x5zh-gqha
22
vulnerability VCID-htee-x1mv-sfhh
23
vulnerability VCID-hy5d-twhs-e7a3
24
vulnerability VCID-jtq6-eykc-ykbz
25
vulnerability VCID-kjxw-f4f4-dydb
26
vulnerability VCID-mph7-qmm8-1fan
27
vulnerability VCID-p66f-cwf8-tfdr
28
vulnerability VCID-prvn-bejg-kufb
29
vulnerability VCID-px2q-ph74-1ue6
30
vulnerability VCID-q11v-xn32-auch
31
vulnerability VCID-q8fz-36n2-vfh2
32
vulnerability VCID-qbfa-rky7-juh5
33
vulnerability VCID-qz6s-pjqj-7uet
34
vulnerability VCID-sgc5-3xgm-tfa1
35
vulnerability VCID-t3rz-wf43-a3bf
36
vulnerability VCID-tcda-8txy-7ygn
37
vulnerability VCID-vx7b-mwfx-5fg2
38
vulnerability VCID-vxtq-wjad-3ue3
39
vulnerability VCID-wfzw-3x26-tucg
40
vulnerability VCID-whh3-qs36-pqfq
41
vulnerability VCID-wuv4-qn69-zygh
42
vulnerability VCID-x3bz-ehvb-jyfs
43
vulnerability VCID-xbur-n6na-d7g1
44
vulnerability VCID-yk5x-nt2m-5kgy
45
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.2
1
url pkg:pypi/pillow@2.5.2
purl pkg:pypi/pillow@2.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uv3-mjkz-rkcr
1
vulnerability VCID-2gpf-94cu-6fcd
2
vulnerability VCID-3gam-zy4w-2ucr
3
vulnerability VCID-4tub-w66m-uyfu
4
vulnerability VCID-5h45-rcpb-q7bz
5
vulnerability VCID-6qkd-kgxx-dyeq
6
vulnerability VCID-6wqw-esat-2ua2
7
vulnerability VCID-7sps-ppua-ubb2
8
vulnerability VCID-7v6e-3dxw-aubu
9
vulnerability VCID-7ya3-j9fa-zugj
10
vulnerability VCID-8gxw-hqk5-2uak
11
vulnerability VCID-8z6g-5td3-g7ej
12
vulnerability VCID-9hza-srk7-sucy
13
vulnerability VCID-9qm6-cbz9-b7c8
14
vulnerability VCID-9v9s-wbu3-cqc7
15
vulnerability VCID-cb58-eehb-j7cv
16
vulnerability VCID-ctaf-ff57-8yge
17
vulnerability VCID-d4dx-wbrv-gqaa
18
vulnerability VCID-dkcx-xcb8-3fgj
19
vulnerability VCID-ew1c-9uyd-hyfa
20
vulnerability VCID-fq9j-ntxd-t3b3
21
vulnerability VCID-g48w-36yx-tue3
22
vulnerability VCID-gve2-x5zh-gqha
23
vulnerability VCID-htee-x1mv-sfhh
24
vulnerability VCID-hy5d-twhs-e7a3
25
vulnerability VCID-jtq6-eykc-ykbz
26
vulnerability VCID-kjxw-f4f4-dydb
27
vulnerability VCID-mph7-qmm8-1fan
28
vulnerability VCID-p66f-cwf8-tfdr
29
vulnerability VCID-prvn-bejg-kufb
30
vulnerability VCID-px2q-ph74-1ue6
31
vulnerability VCID-q11v-xn32-auch
32
vulnerability VCID-q8fz-36n2-vfh2
33
vulnerability VCID-qbfa-rky7-juh5
34
vulnerability VCID-qz6s-pjqj-7uet
35
vulnerability VCID-t3rz-wf43-a3bf
36
vulnerability VCID-tcda-8txy-7ygn
37
vulnerability VCID-vx7b-mwfx-5fg2
38
vulnerability VCID-vxtq-wjad-3ue3
39
vulnerability VCID-wfzw-3x26-tucg
40
vulnerability VCID-whh3-qs36-pqfq
41
vulnerability VCID-wuv4-qn69-zygh
42
vulnerability VCID-x3bz-ehvb-jyfs
43
vulnerability VCID-xbur-n6na-d7g1
44
vulnerability VCID-yk5x-nt2m-5kgy
45
vulnerability VCID-zsxq-dasb-qyex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.2
aliases CVE-2014-3589, GHSA-cfmr-38g9-f2h7, PYSEC-2014-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dm9u-y5aa-bfhc
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.2