Search for packages
| purl | pkg:deb/debian/pillow@0?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4n96-uzyf-tud6 | Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. |
BIT-pillow-2022-45199
CVE-2022-45199 GHSA-q4mp-jvh2-76fj PYSEC-2022-42980 |
| VCID-67yw-ej31-8ub1 | Pillow affected by out-of-bounds write when loading PSD images ### Impact An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected. ### Patches Pillow 12.1.1 will be released shortly with a fix for this. ### Workarounds `Image.open()` has a `formats` parameter that can be used to prevent PSD images from being opened. ### References Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html |
CVE-2026-25990
GHSA-cfh3-3jmp-rvhc |
| VCID-ca8h-871t-t3dd | FITS GZIP decompression bomb in Pillow |
CVE-2026-40192
GHSA-whj4-6x5x-4v2j |
| VCID-gwy8-wkwf-77c3 | libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. |
BIT-pillow-2022-30595
CVE-2022-30595 GHSA-hr8g-f6r6-mr22 PYSEC-2022-43145 |
| VCID-nwmf-sbj1-buak | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0. |
BIT-pillow-2025-48379
CVE-2025-48379 GHSA-xg8h-j46f-w952 PYSEC-2025-61 |