VulnerableCode Package Details - pkg:ebuild/dev-python/pillow@8.2.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3qb5-8p8w-gkad	Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.	BIT-pillow-2021-27921 CVE-2021-27921 GHSA-f4w8-cv6p-x6r5 PYSEC-2021-40
VCID-3uk9-eds5-rkgc	An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.	BIT-pillow-2021-28675 CVE-2021-28675 GHSA-g6rj-rv7j-xwp4 PYSEC-2021-139
VCID-53ac-ceq4-qkhf	Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.	BIT-pillow-2021-27922 CVE-2021-27922 GHSA-3wvg-mj6g-m9cv PYSEC-2021-41
VCID-aubw-tsmn-ffcq	An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.	BIT-pillow-2021-28677 CVE-2021-28677 GHSA-q5hq-fp76-qmrc PYSEC-2021-93
VCID-en6t-uxtq-bfek	An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.	BIT-pillow-2021-25289 CVE-2021-25289 GHSA-57h3-9rgr-c24m PYSEC-2021-35
VCID-gvjw-funa-sqak	Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.	BIT-pillow-2021-27923 CVE-2021-27923 GHSA-95q3-8gr9-gm8w PYSEC-2021-42
VCID-n1w5-f5p7-xuhb	An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.	BIT-pillow-2021-25287 CVE-2021-25287 GHSA-77gc-v2xv-rvvh PYSEC-2021-137
VCID-p6r3-puh1-zyg6	An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.	BIT-pillow-2021-25293 CVE-2021-25293 GHSA-p43w-g3c5-g5mq PYSEC-2021-39
VCID-rncf-9nf8-wud3	An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.	BIT-pillow-2021-25290 CVE-2021-25290 GHSA-8xjq-8fcg-g5hw PYSEC-2021-36
VCID-ue18-zzau-x7hy	An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.	BIT-pillow-2021-25288 CVE-2021-25288 GHSA-rwv7-3v45-hg29 PYSEC-2021-138
VCID-vwbu-ruxm-tbh4	An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.	BIT-pillow-2021-25291 CVE-2021-25291 GHSA-mvg9-xffr-p774 PYSEC-2021-37
VCID-vxh1-8rvt-kkak	An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.	BIT-pillow-2021-25292 CVE-2021-25292 GHSA-9hx2-hgq2-2g4f PYSEC-2021-38
VCID-vyzt-df2u-h3cc	An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.	BIT-pillow-2021-28678 CVE-2021-28678 GHSA-hjfx-8p6c-g7gx PYSEC-2021-94
VCID-xesd-d294-7fcx	An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.	BIT-pillow-2021-28676 CVE-2021-28676 GHSA-7r7m-5h27-29hp PYSEC-2021-92

Vulnerability

Summary

Aliases

VCID-3qb5-8p8w-gkad

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.

BIT-pillow-2021-27921
CVE-2021-27921
GHSA-f4w8-cv6p-x6r5
PYSEC-2021-40

VCID-3uk9-eds5-rkgc

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.

BIT-pillow-2021-28675
CVE-2021-28675
GHSA-g6rj-rv7j-xwp4
PYSEC-2021-139

VCID-53ac-ceq4-qkhf

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.

BIT-pillow-2021-27922
CVE-2021-27922
GHSA-3wvg-mj6g-m9cv
PYSEC-2021-41

VCID-aubw-tsmn-ffcq

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.

BIT-pillow-2021-28677
CVE-2021-28677
GHSA-q5hq-fp76-qmrc
PYSEC-2021-93

VCID-en6t-uxtq-bfek

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.

BIT-pillow-2021-25289
CVE-2021-25289
GHSA-57h3-9rgr-c24m
PYSEC-2021-35

VCID-gvjw-funa-sqak

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.

BIT-pillow-2021-27923
CVE-2021-27923
GHSA-95q3-8gr9-gm8w
PYSEC-2021-42

VCID-n1w5-f5p7-xuhb

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

BIT-pillow-2021-25287
CVE-2021-25287
GHSA-77gc-v2xv-rvvh
PYSEC-2021-137

VCID-p6r3-puh1-zyg6

An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

BIT-pillow-2021-25293
CVE-2021-25293
GHSA-p43w-g3c5-g5mq
PYSEC-2021-39

VCID-rncf-9nf8-wud3

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

BIT-pillow-2021-25290
CVE-2021-25290
GHSA-8xjq-8fcg-g5hw
PYSEC-2021-36

VCID-ue18-zzau-x7hy

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.

BIT-pillow-2021-25288
CVE-2021-25288
GHSA-rwv7-3v45-hg29
PYSEC-2021-138

VCID-vwbu-ruxm-tbh4

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

BIT-pillow-2021-25291
CVE-2021-25291
GHSA-mvg9-xffr-p774
PYSEC-2021-37

VCID-vxh1-8rvt-kkak

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

BIT-pillow-2021-25292
CVE-2021-25292
GHSA-9hx2-hgq2-2g4f
PYSEC-2021-38

VCID-vyzt-df2u-h3cc

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

BIT-pillow-2021-28678
CVE-2021-28678
GHSA-hjfx-8p6c-g7gx
PYSEC-2021-94

VCID-xesd-d294-7fcx

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.

BIT-pillow-2021-28676
CVE-2021-28676
GHSA-7r7m-5h27-29hp
PYSEC-2021-92

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:03:34.534702+00:00	Gentoo Importer	Fixing	VCID-vyzt-df2u-h3cc	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.525601+00:00	Gentoo Importer	Fixing	VCID-aubw-tsmn-ffcq	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.516630+00:00	Gentoo Importer	Fixing	VCID-xesd-d294-7fcx	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.507531+00:00	Gentoo Importer	Fixing	VCID-3uk9-eds5-rkgc	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.498196+00:00	Gentoo Importer	Fixing	VCID-gvjw-funa-sqak	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.489549+00:00	Gentoo Importer	Fixing	VCID-53ac-ceq4-qkhf	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.478779+00:00	Gentoo Importer	Fixing	VCID-3qb5-8p8w-gkad	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.467101+00:00	Gentoo Importer	Fixing	VCID-p6r3-puh1-zyg6	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.457572+00:00	Gentoo Importer	Fixing	VCID-vxh1-8rvt-kkak	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.447632+00:00	Gentoo Importer	Fixing	VCID-vwbu-ruxm-tbh4	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.437828+00:00	Gentoo Importer	Fixing	VCID-rncf-9nf8-wud3	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.428056+00:00	Gentoo Importer	Fixing	VCID-en6t-uxtq-bfek	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.418232+00:00	Gentoo Importer	Fixing	VCID-ue18-zzau-x7hy	https://security.gentoo.org/glsa/202107-33	38.0.0
2026-04-01T13:03:34.409523+00:00	Gentoo Importer	Fixing	VCID-n1w5-f5p7-xuhb	https://security.gentoo.org/glsa/202107-33	38.0.0