VulnerableCode Package Details - pkg:deb/debian/pillow@8.1.0-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6gyu-fzpg-c3bn	In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.	BIT-pillow-2020-35654 CVE-2020-35654 GHSA-vqcj-wrf2-7v73 PYSEC-2021-70
VCID-7bjx-gkf7-cke9	In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.	BIT-pillow-2020-35655 CVE-2020-35655 GHSA-hf64-x4gq-p99h PYSEC-2021-71
VCID-x15z-dejc-9ba6	In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.	BIT-pillow-2020-35653 CVE-2020-35653 GHSA-f5g8-5qq7-938w PYSEC-2021-69

Vulnerability

Summary

Aliases

VCID-6gyu-fzpg-c3bn

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

BIT-pillow-2020-35654
CVE-2020-35654
GHSA-vqcj-wrf2-7v73
PYSEC-2021-70

VCID-7bjx-gkf7-cke9

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

BIT-pillow-2020-35655
CVE-2020-35655
GHSA-hf64-x4gq-p99h
PYSEC-2021-71

VCID-x15z-dejc-9ba6

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

BIT-pillow-2020-35653
CVE-2020-35653
GHSA-f5g8-5qq7-938w
PYSEC-2021-69

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:52:56.643609+00:00	Debian Importer	Fixing	VCID-6gyu-fzpg-c3bn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:34:02.992517+00:00	Debian Importer	Fixing	VCID-x15z-dejc-9ba6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:25:37.566005+00:00	Debian Importer	Fixing	VCID-7bjx-gkf7-cke9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:06:44.020723+00:00	Debian Importer	Fixing	VCID-6gyu-fzpg-c3bn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:22:30.492001+00:00	Debian Importer	Fixing	VCID-x15z-dejc-9ba6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:17:29.505193+00:00	Debian Importer	Fixing	VCID-7bjx-gkf7-cke9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:01.964969+00:00	Debian Importer	Fixing	VCID-7bjx-gkf7-cke9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:01.923748+00:00	Debian Importer	Fixing	VCID-6gyu-fzpg-c3bn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:01.882726+00:00	Debian Importer	Fixing	VCID-x15z-dejc-9ba6	https://security-tracker.debian.org/tracker/data/json	38.1.0