VulnerableCode Package Details - pkg:deb/debian/pillow@9.0.0-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-df4x-jt3h-17hx	path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.	BIT-pillow-2022-22816 CVE-2022-22816 GHSA-xrcv-f9gm-v42c PYSEC-2022-9
VCID-dpc3-td9q-dyee	path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.	BIT-pillow-2022-22815 CVE-2022-22815 GHSA-pw3c-h7wp-cvhx PYSEC-2022-8
VCID-q4bb-qnxe-8bfa	PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.	BIT-pillow-2022-22817 CVE-2022-22817 GHSA-8vj2-vxx3-667w PYSEC-2022-10

Vulnerability

Summary

Aliases

VCID-df4x-jt3h-17hx

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

BIT-pillow-2022-22816
CVE-2022-22816
GHSA-xrcv-f9gm-v42c
PYSEC-2022-9

VCID-dpc3-td9q-dyee

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

BIT-pillow-2022-22815
CVE-2022-22815
GHSA-pw3c-h7wp-cvhx
PYSEC-2022-8

VCID-q4bb-qnxe-8bfa

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.

BIT-pillow-2022-22817
CVE-2022-22817
GHSA-8vj2-vxx3-667w
PYSEC-2022-10

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:10:47.541756+00:00	Debian Importer	Fixing	VCID-dpc3-td9q-dyee	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:43:06.230743+00:00	Debian Importer	Fixing	VCID-q4bb-qnxe-8bfa	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:26:23.353257+00:00	Debian Importer	Fixing	VCID-df4x-jt3h-17hx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:04:05.986786+00:00	Debian Importer	Fixing	VCID-dpc3-td9q-dyee	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:43:10.860474+00:00	Debian Importer	Fixing	VCID-q4bb-qnxe-8bfa	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:17:55.201552+00:00	Debian Importer	Fixing	VCID-df4x-jt3h-17hx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:03.019719+00:00	Debian Importer	Fixing	VCID-q4bb-qnxe-8bfa	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:02.971886+00:00	Debian Importer	Fixing	VCID-df4x-jt3h-17hx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:02.922803+00:00	Debian Importer	Fixing	VCID-dpc3-td9q-dyee	https://security-tracker.debian.org/tracker/data/json	38.1.0