Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:ebuild/dev-python/pillow@3.4.2
Typeebuild
Namespacedev-python
Namepillow
Version3.4.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.1.0
Latest_non_vulnerable_version10.3.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-366h-8f99-r7at
vulnerability_id VCID-366h-8f99-r7at
summary Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0775.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0775
reference_id
reference_type
scores
0
value 0.01069
scoring_system epss
scoring_elements 0.77681
published_at 2026-04-07T12:55:00Z
1
value 0.01069
scoring_system epss
scoring_elements 0.77664
published_at 2026-04-01T12:55:00Z
2
value 0.01069
scoring_system epss
scoring_elements 0.77754
published_at 2026-04-21T12:55:00Z
3
value 0.01069
scoring_system epss
scoring_elements 0.7776
published_at 2026-04-18T12:55:00Z
4
value 0.01069
scoring_system epss
scoring_elements 0.77761
published_at 2026-04-16T12:55:00Z
5
value 0.01069
scoring_system epss
scoring_elements 0.77724
published_at 2026-04-13T12:55:00Z
6
value 0.01069
scoring_system epss
scoring_elements 0.7774
published_at 2026-04-11T12:55:00Z
7
value 0.01069
scoring_system epss
scoring_elements 0.77714
published_at 2026-04-09T12:55:00Z
8
value 0.01069
scoring_system epss
scoring_elements 0.77709
published_at 2026-04-08T12:55:00Z
9
value 0.01069
scoring_system epss
scoring_elements 0.77671
published_at 2026-04-02T12:55:00Z
10
value 0.01069
scoring_system epss
scoring_elements 0.77698
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0775
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
5
reference_url https://github.com/advisories/GHSA-8xjv-v9xq-m5h9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8xjv-v9xq-m5h9
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
9
reference_url https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b
10
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
11
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3499
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301621
reference_id 1301621
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301621
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
reference_id 813909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0775
reference_id CVE-2016-0775
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0775
18
reference_url https://usn.ubuntu.com/3080-1/
reference_id USN-3080-1
reference_type
scores
url https://usn.ubuntu.com/3080-1/
19
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:ebuild/dev-python/pillow@3.4.2
purl pkg:ebuild/dev-python/pillow@3.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pillow@3.4.2
aliases CVE-2016-0775, GHSA-8xjv-v9xq-m5h9, PYSEC-2016-6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-366h-8f99-r7at
1
url VCID-avx2-mahw-mqes
vulnerability_id VCID-avx2-mahw-mqes
summary Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4009.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4009.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4009
reference_id
reference_type
scores
0
value 0.05263
scoring_system epss
scoring_elements 0.89986
published_at 2026-04-08T12:55:00Z
1
value 0.05263
scoring_system epss
scoring_elements 0.89948
published_at 2026-04-01T12:55:00Z
2
value 0.05263
scoring_system epss
scoring_elements 0.90003
published_at 2026-04-21T12:55:00Z
3
value 0.05263
scoring_system epss
scoring_elements 0.90006
published_at 2026-04-18T12:55:00Z
4
value 0.05263
scoring_system epss
scoring_elements 0.90005
published_at 2026-04-16T12:55:00Z
5
value 0.05263
scoring_system epss
scoring_elements 0.8999
published_at 2026-04-13T12:55:00Z
6
value 0.05263
scoring_system epss
scoring_elements 0.89997
published_at 2026-04-12T12:55:00Z
7
value 0.05263
scoring_system epss
scoring_elements 0.89998
published_at 2026-04-11T12:55:00Z
8
value 0.05263
scoring_system epss
scoring_elements 0.8997
published_at 2026-04-07T12:55:00Z
9
value 0.05263
scoring_system epss
scoring_elements 0.89991
published_at 2026-04-09T12:55:00Z
10
value 0.05263
scoring_system epss
scoring_elements 0.8995
published_at 2026-04-02T12:55:00Z
11
value 0.05263
scoring_system epss
scoring_elements 0.89963
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4009
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4009
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-hvr8-466p-75rh
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hvr8-466p-75rh
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-7.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-7.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
8
reference_url https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
9
reference_url https://github.com/python-pillow/Pillow/pull/1714
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/1714
10
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
11
reference_url http://www.securityfocus.com/bid/86064
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/86064
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1327134
reference_id 1327134
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1327134
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4009
reference_id CVE-2016-4009
reference_type
scores
0
value 10.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:C/I:C/A:C
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4009
fixed_packages
0
url pkg:ebuild/dev-python/pillow@3.4.2
purl pkg:ebuild/dev-python/pillow@3.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pillow@3.4.2
aliases CVE-2016-4009, GHSA-hvr8-466p-75rh, PYSEC-2016-7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avx2-mahw-mqes
2
url VCID-dgds-v95g-pbcv
vulnerability_id VCID-dgds-v95g-pbcv
summary Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0740.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0740.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0740
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.3496
published_at 2026-04-21T12:55:00Z
1
value 0.00146
scoring_system epss
scoring_elements 0.3502
published_at 2026-04-16T12:55:00Z
2
value 0.00146
scoring_system epss
scoring_elements 0.35005
published_at 2026-04-18T12:55:00Z
3
value 0.00148
scoring_system epss
scoring_elements 0.35245
published_at 2026-04-12T12:55:00Z
4
value 0.00148
scoring_system epss
scoring_elements 0.35221
published_at 2026-04-13T12:55:00Z
5
value 0.00148
scoring_system epss
scoring_elements 0.35096
published_at 2026-04-01T12:55:00Z
6
value 0.00148
scoring_system epss
scoring_elements 0.35296
published_at 2026-04-02T12:55:00Z
7
value 0.00148
scoring_system epss
scoring_elements 0.35325
published_at 2026-04-04T12:55:00Z
8
value 0.00148
scoring_system epss
scoring_elements 0.35207
published_at 2026-04-07T12:55:00Z
9
value 0.00148
scoring_system epss
scoring_elements 0.35252
published_at 2026-04-08T12:55:00Z
10
value 0.00148
scoring_system epss
scoring_elements 0.35277
published_at 2026-04-09T12:55:00Z
11
value 0.00148
scoring_system epss
scoring_elements 0.3528
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0740
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-hggx-3h72-49ww
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hggx-3h72-49ww
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-5.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-5.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
10
reference_url https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
11
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
12
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3499
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1298874
reference_id 1298874
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1298874
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813905
reference_id 813905
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813905
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0740
reference_id CVE-2016-0740
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0740
19
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:ebuild/dev-python/pillow@3.4.2
purl pkg:ebuild/dev-python/pillow@3.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pillow@3.4.2
aliases CVE-2016-0740, GHSA-hggx-3h72-49ww, PYSEC-2016-5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgds-v95g-pbcv
3
url VCID-dgy9-uh9h-xfft
vulnerability_id VCID-dgy9-uh9h-xfft
summary The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1932.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1932.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1932
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.26981
published_at 2026-04-13T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.27037
published_at 2026-04-12T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.27082
published_at 2026-04-11T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.27078
published_at 2026-04-09T12:55:00Z
4
value 0.00098
scoring_system epss
scoring_elements 0.27033
published_at 2026-04-08T12:55:00Z
5
value 0.00098
scoring_system epss
scoring_elements 0.26989
published_at 2026-04-16T12:55:00Z
6
value 0.00098
scoring_system epss
scoring_elements 0.26964
published_at 2026-04-18T12:55:00Z
7
value 0.00098
scoring_system epss
scoring_elements 0.27172
published_at 2026-04-04T12:55:00Z
8
value 0.00098
scoring_system epss
scoring_elements 0.26928
published_at 2026-04-21T12:55:00Z
9
value 0.00133
scoring_system epss
scoring_elements 0.32904
published_at 2026-04-01T12:55:00Z
10
value 0.00133
scoring_system epss
scoring_elements 0.33034
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1932
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-22.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-22.yaml
6
reference_url https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1932
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1932
9
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
10
reference_url https://web.archive.org/web/20170103151725/http://www.securityfocus.com/bid/65511
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170103151725/http://www.securityfocus.com/bid/65511
11
reference_url http://www.openwall.com/lists/oss-security/2014/02/11/1
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/11/1
12
reference_url http://www.securityfocus.com/bid/65511
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65511
13
reference_url http://www.ubuntu.com/usn/USN-2168-1
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2168-1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1063658
reference_id 1063658
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1063658
15
reference_url https://github.com/advisories/GHSA-x895-2wrm-hvp7
reference_id GHSA-x895-2wrm-hvp7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x895-2wrm-hvp7
16
reference_url https://usn.ubuntu.com/2168-1/
reference_id USN-2168-1
reference_type
scores
url https://usn.ubuntu.com/2168-1/
fixed_packages
0
url pkg:ebuild/dev-python/pillow@3.4.2
purl pkg:ebuild/dev-python/pillow@3.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pillow@3.4.2
aliases CVE-2014-1932, GHSA-x895-2wrm-hvp7, PYSEC-2014-22
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgy9-uh9h-xfft
4
url VCID-e3gp-zc2b-budg
vulnerability_id VCID-e3gp-zc2b-budg
summary Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
references
0
reference_url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9189.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9189.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9189
reference_id
reference_type
scores
0
value 0.00358
scoring_system epss
scoring_elements 0.58046
published_at 2026-04-12T12:55:00Z
1
value 0.00358
scoring_system epss
scoring_elements 0.58069
published_at 2026-04-11T12:55:00Z
2
value 0.00358
scoring_system epss
scoring_elements 0.58053
published_at 2026-04-09T12:55:00Z
3
value 0.00358
scoring_system epss
scoring_elements 0.58049
published_at 2026-04-08T12:55:00Z
4
value 0.00358
scoring_system epss
scoring_elements 0.57994
published_at 2026-04-07T12:55:00Z
5
value 0.00358
scoring_system epss
scoring_elements 0.5802
published_at 2026-04-04T12:55:00Z
6
value 0.00358
scoring_system epss
scoring_elements 0.57998
published_at 2026-04-02T12:55:00Z
7
value 0.00358
scoring_system epss
scoring_elements 0.58025
published_at 2026-04-13T12:55:00Z
8
value 0.00358
scoring_system epss
scoring_elements 0.57913
published_at 2026-04-01T12:55:00Z
9
value 0.00358
scoring_system epss
scoring_elements 0.58056
published_at 2026-04-18T12:55:00Z
10
value 0.00358
scoring_system epss
scoring_elements 0.58033
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9189
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-rwr3-c2q8-gm56
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rwr3-c2q8-gm56
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-8.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-8.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/issues/2105
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/2105
10
reference_url https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
11
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
12
reference_url http://www.debian.org/security/2016/dsa-3710
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3710
13
reference_url http://www.securityfocus.com/bid/94234
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94234
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1382000
reference_id 1382000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1382000
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9189
reference_id CVE-2016-9189
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9189
16
reference_url https://usn.ubuntu.com/3229-1/
reference_id USN-3229-1
reference_type
scores
url https://usn.ubuntu.com/3229-1/
17
reference_url https://usn.ubuntu.com/3230-1/
reference_id USN-3230-1
reference_type
scores
url https://usn.ubuntu.com/3230-1/
fixed_packages
0
url pkg:ebuild/dev-python/pillow@3.4.2
purl pkg:ebuild/dev-python/pillow@3.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pillow@3.4.2
aliases CVE-2016-9189, GHSA-rwr3-c2q8-gm56, PYSEC-2016-8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3gp-zc2b-budg
5
url VCID-ptk9-u246-q7gh
vulnerability_id VCID-ptk9-u246-q7gh
summary The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1933.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1933.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1933
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29631
published_at 2026-04-04T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29405
published_at 2026-04-21T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29451
published_at 2026-04-18T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29479
published_at 2026-04-16T12:55:00Z
4
value 0.00111
scoring_system epss
scoring_elements 0.2946
published_at 2026-04-13T12:55:00Z
5
value 0.00111
scoring_system epss
scoring_elements 0.29512
published_at 2026-04-12T12:55:00Z
6
value 0.00111
scoring_system epss
scoring_elements 0.29557
published_at 2026-04-11T12:55:00Z
7
value 0.00111
scoring_system epss
scoring_elements 0.29555
published_at 2026-04-09T12:55:00Z
8
value 0.00111
scoring_system epss
scoring_elements 0.29452
published_at 2026-04-07T12:55:00Z
9
value 0.00111
scoring_system epss
scoring_elements 0.29515
published_at 2026-04-08T12:55:00Z
10
value 0.00111
scoring_system epss
scoring_elements 0.29582
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1933
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
4
reference_url https://github.com/advisories/GHSA-r854-96gq-rfg3
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r854-96gq-rfg3
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-23.yaml
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-23.yaml
6
reference_url https://github.com/python-imaging/Pillow
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-imaging/Pillow
7
reference_url https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1933
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1933
9
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
10
reference_url http://www.openwall.com/lists/oss-security/2014/02/10/15
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/10/15
11
reference_url http://www.openwall.com/lists/oss-security/2014/02/11/1
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/11/1
12
reference_url http://www.securityfocus.com/bid/65513
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65513
13
reference_url http://www.ubuntu.com/usn/USN-2168-1
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2168-1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1063660
reference_id 1063660
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1063660
15
reference_url https://usn.ubuntu.com/2168-1/
reference_id USN-2168-1
reference_type
scores
url https://usn.ubuntu.com/2168-1/
fixed_packages
0
url pkg:ebuild/dev-python/pillow@3.4.2
purl pkg:ebuild/dev-python/pillow@3.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pillow@3.4.2
aliases CVE-2014-1933, GHSA-r854-96gq-rfg3, PYSEC-2014-23
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ptk9-u246-q7gh
6
url VCID-u1en-t8ux-uube
vulnerability_id VCID-u1en-t8ux-uube
summary Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
references
0
reference_url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9190.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9190.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9190
reference_id
reference_type
scores
0
value 0.00566
scoring_system epss
scoring_elements 0.68451
published_at 2026-04-13T12:55:00Z
1
value 0.00566
scoring_system epss
scoring_elements 0.68484
published_at 2026-04-12T12:55:00Z
2
value 0.00566
scoring_system epss
scoring_elements 0.68496
published_at 2026-04-11T12:55:00Z
3
value 0.00566
scoring_system epss
scoring_elements 0.6847
published_at 2026-04-09T12:55:00Z
4
value 0.00566
scoring_system epss
scoring_elements 0.68453
published_at 2026-04-08T12:55:00Z
5
value 0.00566
scoring_system epss
scoring_elements 0.68403
published_at 2026-04-07T12:55:00Z
6
value 0.00566
scoring_system epss
scoring_elements 0.68427
published_at 2026-04-04T12:55:00Z
7
value 0.00566
scoring_system epss
scoring_elements 0.68407
published_at 2026-04-02T12:55:00Z
8
value 0.00566
scoring_system epss
scoring_elements 0.68489
published_at 2026-04-16T12:55:00Z
9
value 0.00566
scoring_system epss
scoring_elements 0.68387
published_at 2026-04-01T12:55:00Z
10
value 0.00566
scoring_system epss
scoring_elements 0.68502
published_at 2026-04-18T12:55:00Z
11
value 0.00566
scoring_system epss
scoring_elements 0.68481
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9190
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-w4vg-rf63-f3j3
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w4vg-rf63-f3j3
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-9.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-9.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/issues/2105
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/2105
10
reference_url https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
11
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
12
reference_url http://www.debian.org/security/2016/dsa-3710
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3710
13
reference_url http://www.securityfocus.com/bid/94234
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94234
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1382006
reference_id 1382006
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1382006
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9190
reference_id CVE-2016-9190
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9190
16
reference_url https://usn.ubuntu.com/3229-1/
reference_id USN-3229-1
reference_type
scores
url https://usn.ubuntu.com/3229-1/
17
reference_url https://usn.ubuntu.com/3230-1/
reference_id USN-3230-1
reference_type
scores
url https://usn.ubuntu.com/3230-1/
fixed_packages
0
url pkg:ebuild/dev-python/pillow@3.4.2
purl pkg:ebuild/dev-python/pillow@3.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pillow@3.4.2
aliases CVE-2016-9190, GHSA-w4vg-rf63-f3j3, PYSEC-2016-9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1en-t8ux-uube
7
url VCID-zmd3-henq-r7bd
vulnerability_id VCID-zmd3-henq-r7bd
summary Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2533.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2533.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2533
reference_id
reference_type
scores
0
value 0.02195
scoring_system epss
scoring_elements 0.8433
published_at 2026-04-01T12:55:00Z
1
value 0.02195
scoring_system epss
scoring_elements 0.84411
published_at 2026-04-11T12:55:00Z
2
value 0.02195
scoring_system epss
scoring_elements 0.84394
published_at 2026-04-09T12:55:00Z
3
value 0.02195
scoring_system epss
scoring_elements 0.84388
published_at 2026-04-08T12:55:00Z
4
value 0.02195
scoring_system epss
scoring_elements 0.84366
published_at 2026-04-07T12:55:00Z
5
value 0.02195
scoring_system epss
scoring_elements 0.84364
published_at 2026-04-04T12:55:00Z
6
value 0.02195
scoring_system epss
scoring_elements 0.84344
published_at 2026-04-02T12:55:00Z
7
value 0.02195
scoring_system epss
scoring_elements 0.84426
published_at 2026-04-21T12:55:00Z
8
value 0.02195
scoring_system epss
scoring_elements 0.84424
published_at 2026-04-18T12:55:00Z
9
value 0.02195
scoring_system epss
scoring_elements 0.84401
published_at 2026-04-13T12:55:00Z
10
value 0.02195
scoring_system epss
scoring_elements 0.84405
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2533
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-3c5c-7235-994j
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3c5c-7235-994j
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
10
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst?plain=1#L53
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst?plain=1#L53
11
reference_url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9
12
reference_url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
13
reference_url https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
14
reference_url https://github.com/python-pillow/Pillow/pull/1706
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/1706
15
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
16
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3499
17
reference_url http://www.openwall.com/lists/oss-security/2016/02/02/5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/02/02/5
18
reference_url http://www.openwall.com/lists/oss-security/2016/02/22/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/02/22/2
19
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1304504
reference_id 1304504
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1304504
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python_imaging_project:python_imaging:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python_imaging_project:python_imaging:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python_imaging_project:python_imaging:*:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2533
reference_id CVE-2016-2533
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2533
26
reference_url http://www.cvedetails.com/cve/CVE-2016-2533/
reference_id CVE-2016-2533
reference_type
scores
url http://www.cvedetails.com/cve/CVE-2016-2533/
27
reference_url https://usn.ubuntu.com/3080-1/
reference_id USN-3080-1
reference_type
scores
url https://usn.ubuntu.com/3080-1/
28
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:ebuild/dev-python/pillow@3.4.2
purl pkg:ebuild/dev-python/pillow@3.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pillow@3.4.2
aliases CVE-2016-2533, GHSA-3c5c-7235-994j, PYSEC-2016-19
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmd3-henq-r7bd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pillow@3.4.2