VulnerableCode Package Details - pkg:apk/alpine/py3-pillow@6.2.2-r0?arch=armhf&distroversion=v3.16&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-b3au-rcgp-2fag	There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.	CVE-2019-19911 GHSA-5gm3-px64-rw72 PYSEC-2020-172
VCID-hmmq-5772-bycm	libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.	BIT-pillow-2020-5313 CVE-2020-5313 GHSA-hj69-c76v-86wr PYSEC-2020-84
VCID-m3tm-h4q9-9yay	libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.	BIT-pillow-2020-5311 CVE-2020-5311 GHSA-r7rm-8j6h-r933 PYSEC-2020-82
VCID-sns1-ksqr-vbhr	libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.	BIT-pillow-2020-5312 CVE-2020-5312 GHSA-p49h-hjvm-jg3h PYSEC-2020-83
VCID-stft-hsk9-zfdy	libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.	BIT-pillow-2020-5310 CVE-2020-5310 GHSA-vcqg-3p29-xw73 PYSEC-2020-81

Vulnerability

Summary

Aliases

VCID-b3au-rcgp-2fag

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.

CVE-2019-19911
GHSA-5gm3-px64-rw72
PYSEC-2020-172

VCID-hmmq-5772-bycm

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

BIT-pillow-2020-5313
CVE-2020-5313
GHSA-hj69-c76v-86wr
PYSEC-2020-84

VCID-m3tm-h4q9-9yay

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.

BIT-pillow-2020-5311
CVE-2020-5311
GHSA-r7rm-8j6h-r933
PYSEC-2020-82

VCID-sns1-ksqr-vbhr

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

BIT-pillow-2020-5312
CVE-2020-5312
GHSA-p49h-hjvm-jg3h
PYSEC-2020-83

VCID-stft-hsk9-zfdy

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

BIT-pillow-2020-5310
CVE-2020-5310
GHSA-vcqg-3p29-xw73
PYSEC-2020-81

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T17:57:49.454042+00:00	Alpine Linux Importer	Fixing	VCID-b3au-rcgp-2fag	https://secdb.alpinelinux.org/v3.16/community.json	38.1.0
2026-04-03T17:46:53.599786+00:00	Alpine Linux Importer	Fixing	VCID-hmmq-5772-bycm	https://secdb.alpinelinux.org/v3.16/community.json	38.1.0
2026-04-01T19:06:19.143328+00:00	Alpine Linux Importer	Fixing	VCID-m3tm-h4q9-9yay	https://secdb.alpinelinux.org/v3.16/community.json	38.0.0
2026-04-01T18:59:30.508969+00:00	Alpine Linux Importer	Fixing	VCID-stft-hsk9-zfdy	https://secdb.alpinelinux.org/v3.16/community.json	38.0.0
2026-04-01T18:59:02.072976+00:00	Alpine Linux Importer	Fixing	VCID-sns1-ksqr-vbhr	https://secdb.alpinelinux.org/v3.16/community.json	38.0.0