VulnerableCode Package Details - pkg:alpm/archlinux/python-pillow@8.0.1-3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/python-pillow@8.0.1-3

Essentials
History (6)

purl	pkg:alpm/archlinux/python-pillow@8.0.1-3

Next non-vulnerable version	8.1.2-1
Latest non-vulnerable version	11.3.0-1
Risk	4.4

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-6gyu-fzpg-c3bn Aliases: BIT-pillow-2020-35654 CVE-2020-35654 GHSA-vqcj-wrf2-7v73 PYSEC-2021-70	In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.	8.1.0-1 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7bjx-gkf7-cke9 Aliases: BIT-pillow-2020-35655 CVE-2020-35655 GHSA-hf64-x4gq-p99h PYSEC-2021-71	In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.	8.1.0-1 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x15z-dejc-9ba6 Aliases: BIT-pillow-2020-35653 CVE-2020-35653 GHSA-f5g8-5qq7-938w PYSEC-2021-69	In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.	8.1.0-1 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T19:36:58.383987+00:00	Arch Linux Importer	Affected by	VCID-x15z-dejc-9ba6	https://security.archlinux.org/AVG-1438	38.1.0
2026-04-03T19:36:58.362909+00:00	Arch Linux Importer	Affected by	VCID-6gyu-fzpg-c3bn	https://security.archlinux.org/AVG-1438	38.1.0
2026-04-03T19:36:58.341480+00:00	Arch Linux Importer	Affected by	VCID-7bjx-gkf7-cke9	https://security.archlinux.org/AVG-1438	38.1.0
2026-04-01T18:26:56.807011+00:00	Arch Linux Importer	Affected by	VCID-x15z-dejc-9ba6	https://security.archlinux.org/AVG-1438	38.0.0
2026-04-01T18:26:56.781401+00:00	Arch Linux Importer	Affected by	VCID-6gyu-fzpg-c3bn	https://security.archlinux.org/AVG-1438	38.0.0
2026-04-01T18:26:56.757954+00:00	Arch Linux Importer	Affected by	VCID-7bjx-gkf7-cke9	https://security.archlinux.org/AVG-1438	38.0.0