| purl | pkg:ebuild/dev-python/pillow@3.4.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-366h-8f99-r7at | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | CVE-2016-0775 GHSA-8xjv-v9xq-m5h9 PYSEC-2016-6 |
| VCID-avx2-mahw-mqes | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. | CVE-2016-4009 GHSA-hvr8-466p-75rh PYSEC-2016-7 |
| VCID-dgds-v95g-pbcv | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | CVE-2016-0740 GHSA-hggx-3h72-49ww PYSEC-2016-5 |
| VCID-dgy9-uh9h-xfft | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. | CVE-2014-1932 GHSA-x895-2wrm-hvp7 PYSEC-2014-22 |
| VCID-e3gp-zc2b-budg | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | CVE-2016-9189 GHSA-rwr3-c2q8-gm56 PYSEC-2016-8 |
| VCID-ptk9-u246-q7gh | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. | CVE-2014-1933 GHSA-r854-96gq-rfg3 PYSEC-2014-23 |
| VCID-u1en-t8ux-uube | Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | CVE-2016-9190 GHSA-w4vg-rf63-f3j3 PYSEC-2016-9 |
| VCID-zmd3-henq-r7bd | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | CVE-2016-2533 GHSA-3c5c-7235-994j PYSEC-2016-19 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:14:22.491450+00:00 | Gentoo Importer | Fixing | VCID-u1en-t8ux-uube | https://security.gentoo.org/glsa/201612-52 | 38.0.0 |
| 2026-04-01T13:14:22.475785+00:00 | Gentoo Importer | Fixing | VCID-e3gp-zc2b-budg | https://security.gentoo.org/glsa/201612-52 | 38.0.0 |
| 2026-04-01T13:14:22.459028+00:00 | Gentoo Importer | Fixing | VCID-avx2-mahw-mqes | https://security.gentoo.org/glsa/201612-52 | 38.0.0 |
| 2026-04-01T13:14:22.442427+00:00 | Gentoo Importer | Fixing | VCID-zmd3-henq-r7bd | https://security.gentoo.org/glsa/201612-52 | 38.0.0 |
| 2026-04-01T13:14:22.426505+00:00 | Gentoo Importer | Fixing | VCID-366h-8f99-r7at | https://security.gentoo.org/glsa/201612-52 | 38.0.0 |
| 2026-04-01T13:14:22.410770+00:00 | Gentoo Importer | Fixing | VCID-dgds-v95g-pbcv | https://security.gentoo.org/glsa/201612-52 | 38.0.0 |
| 2026-04-01T13:14:22.394861+00:00 | Gentoo Importer | Fixing | VCID-ptk9-u246-q7gh | https://security.gentoo.org/glsa/201612-52 | 38.0.0 |
| 2026-04-01T13:14:22.379123+00:00 | Gentoo Importer | Fixing | VCID-dgy9-uh9h-xfft | https://security.gentoo.org/glsa/201612-52 | 38.0.0 |