| purl | pkg:alpm/archlinux/python-pillow@8.1.0-1 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-3qb5-8p8w-gkad Aliases: BIT-pillow-2021-27921 CVE-2021-27921 GHSA-f4w8-cv6p-x6r5 PYSEC-2021-40 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | Affected by 0 other vulnerabilities. |
| VCID-53ac-ceq4-qkhf Aliases: BIT-pillow-2021-27922 CVE-2021-27922 GHSA-3wvg-mj6g-m9cv PYSEC-2021-41 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | Affected by 0 other vulnerabilities. |
| VCID-en6t-uxtq-bfek Aliases: BIT-pillow-2021-25289 CVE-2021-25289 GHSA-57h3-9rgr-c24m PYSEC-2021-35 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | Affected by 0 other vulnerabilities. |
| VCID-gvjw-funa-sqak Aliases: BIT-pillow-2021-27923 CVE-2021-27923 GHSA-95q3-8gr9-gm8w PYSEC-2021-42 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | Affected by 0 other vulnerabilities. |
| VCID-p6r3-puh1-zyg6 Aliases: BIT-pillow-2021-25293 CVE-2021-25293 GHSA-p43w-g3c5-g5mq PYSEC-2021-39 | An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | Affected by 0 other vulnerabilities. |
| VCID-rncf-9nf8-wud3 Aliases: BIT-pillow-2021-25290 CVE-2021-25290 GHSA-8xjq-8fcg-g5hw PYSEC-2021-36 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | Affected by 0 other vulnerabilities. |
| VCID-vwbu-ruxm-tbh4 Aliases: BIT-pillow-2021-25291 CVE-2021-25291 GHSA-mvg9-xffr-p774 PYSEC-2021-37 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. | Affected by 0 other vulnerabilities. |
| VCID-vxh1-8rvt-kkak Aliases: BIT-pillow-2021-25292 CVE-2021-25292 GHSA-9hx2-hgq2-2g4f PYSEC-2021-38 | An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6gyu-fzpg-c3bn | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | BIT-pillow-2020-35654 CVE-2020-35654 GHSA-vqcj-wrf2-7v73 PYSEC-2021-70 |
| VCID-7bjx-gkf7-cke9 | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | BIT-pillow-2020-35655 CVE-2020-35655 GHSA-hf64-x4gq-p99h PYSEC-2021-71 |
| VCID-x15z-dejc-9ba6 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | BIT-pillow-2020-35653 CVE-2020-35653 GHSA-f5g8-5qq7-938w PYSEC-2021-69 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-03T19:36:58.387150+00:00 | Arch Linux Importer | Fixing | VCID-x15z-dejc-9ba6 | https://security.archlinux.org/AVG-1438 | 38.1.0 |
| 2026-04-03T19:36:58.366050+00:00 | Arch Linux Importer | Fixing | VCID-6gyu-fzpg-c3bn | https://security.archlinux.org/AVG-1438 | 38.1.0 |
| 2026-04-03T19:36:58.344832+00:00 | Arch Linux Importer | Fixing | VCID-7bjx-gkf7-cke9 | https://security.archlinux.org/AVG-1438 | 38.1.0 |
| 2026-04-01T18:26:56.810948+00:00 | Arch Linux Importer | Fixing | VCID-x15z-dejc-9ba6 | https://security.archlinux.org/AVG-1438 | 38.0.0 |
| 2026-04-01T18:26:56.785325+00:00 | Arch Linux Importer | Fixing | VCID-6gyu-fzpg-c3bn | https://security.archlinux.org/AVG-1438 | 38.0.0 |
| 2026-04-01T18:26:56.761800+00:00 | Arch Linux Importer | Fixing | VCID-7bjx-gkf7-cke9 | https://security.archlinux.org/AVG-1438 | 38.0.0 |
| 2026-04-01T18:26:49.644058+00:00 | Arch Linux Importer | Affected by | VCID-en6t-uxtq-bfek | https://security.archlinux.org/AVG-1635 | 38.0.0 |
| 2026-04-01T18:26:49.617444+00:00 | Arch Linux Importer | Affected by | VCID-rncf-9nf8-wud3 | https://security.archlinux.org/AVG-1635 | 38.0.0 |
| 2026-04-01T18:26:49.592680+00:00 | Arch Linux Importer | Affected by | VCID-vwbu-ruxm-tbh4 | https://security.archlinux.org/AVG-1635 | 38.0.0 |
| 2026-04-01T18:26:49.570724+00:00 | Arch Linux Importer | Affected by | VCID-vxh1-8rvt-kkak | https://security.archlinux.org/AVG-1635 | 38.0.0 |
| 2026-04-01T18:26:49.547714+00:00 | Arch Linux Importer | Affected by | VCID-p6r3-puh1-zyg6 | https://security.archlinux.org/AVG-1635 | 38.0.0 |
| 2026-04-01T18:26:49.524882+00:00 | Arch Linux Importer | Affected by | VCID-3qb5-8p8w-gkad | https://security.archlinux.org/AVG-1635 | 38.0.0 |
| 2026-04-01T18:26:49.504007+00:00 | Arch Linux Importer | Affected by | VCID-53ac-ceq4-qkhf | https://security.archlinux.org/AVG-1635 | 38.0.0 |
| 2026-04-01T18:26:49.482439+00:00 | Arch Linux Importer | Affected by | VCID-gvjw-funa-sqak | https://security.archlinux.org/AVG-1635 | 38.0.0 |