| purl | pkg:pypi/pillow@0 |
| Tags | Ghost |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-avx2-mahw-mqes Aliases: CVE-2016-4009 GHSA-hvr8-466p-75rh PYSEC-2016-7 | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. | Affected by 47 other vulnerabilities. |
| VCID-b3au-rcgp-2fag Aliases: CVE-2019-19911 GHSA-5gm3-px64-rw72 PYSEC-2020-172 | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. | Affected by 37 other vulnerabilities. |
| VCID-dgds-v95g-pbcv Aliases: CVE-2016-0740 GHSA-hggx-3h72-49ww PYSEC-2016-5 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | Affected by 47 other vulnerabilities. |
| VCID-e3gp-zc2b-budg Aliases: CVE-2016-9189 GHSA-rwr3-c2q8-gm56 PYSEC-2016-8 | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | Affected by 44 other vulnerabilities. |
| VCID-en6t-uxtq-bfek Aliases: BIT-pillow-2021-25289 CVE-2021-25289 GHSA-57h3-9rgr-c24m PYSEC-2021-35 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | Affected by 24 other vulnerabilities. |
| VCID-n1hp-atex-ubh4 Aliases: BIT-pillow-2023-44271 CVE-2023-44271 GHSA-8ghj-p4vj-mr35 PYSEC-2023-227 | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. | Affected by 5 other vulnerabilities. |
| VCID-rncf-9nf8-wud3 Aliases: BIT-pillow-2021-25290 CVE-2021-25290 GHSA-8xjq-8fcg-g5hw PYSEC-2021-36 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | Affected by 24 other vulnerabilities. |
| VCID-stft-hsk9-zfdy Aliases: BIT-pillow-2020-5310 CVE-2020-5310 GHSA-vcqg-3p29-xw73 PYSEC-2020-81 | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | Affected by 37 other vulnerabilities. |
| VCID-x15z-dejc-9ba6 Aliases: BIT-pillow-2020-35653 CVE-2020-35653 GHSA-f5g8-5qq7-938w PYSEC-2021-69 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | Affected by 29 other vulnerabilities. |
| VCID-zmd3-henq-r7bd Aliases: CVE-2016-2533 GHSA-3c5c-7235-994j PYSEC-2016-19 | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | Affected by 47 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T17:00:38.484446+00:00 | GHSA Importer | Affected by | VCID-n1hp-atex-ubh4 | https://github.com/advisories/GHSA-8ghj-p4vj-mr35 | 38.1.0 |
| 2026-04-02T16:58:24.955640+00:00 | GHSA Importer | Affected by | VCID-stft-hsk9-zfdy | https://github.com/advisories/GHSA-vcqg-3p29-xw73 | 38.1.0 |
| 2026-04-02T16:56:19.902246+00:00 | GHSA Importer | Affected by | VCID-rncf-9nf8-wud3 | https://github.com/advisories/GHSA-8xjq-8fcg-g5hw | 38.1.0 |
| 2026-04-02T16:56:19.844442+00:00 | GHSA Importer | Affected by | VCID-en6t-uxtq-bfek | https://github.com/advisories/GHSA-57h3-9rgr-c24m | 38.1.0 |
| 2026-04-02T16:56:14.967327+00:00 | GHSA Importer | Affected by | VCID-x15z-dejc-9ba6 | https://github.com/advisories/GHSA-f5g8-5qq7-938w | 38.1.0 |
| 2026-04-01T15:58:02.786025+00:00 | GHSA Importer | Affected by | VCID-b3au-rcgp-2fag | https://github.com/advisories/GHSA-5gm3-px64-rw72 | 38.0.0 |
| 2026-04-01T15:56:34.267122+00:00 | GHSA Importer | Affected by | VCID-avx2-mahw-mqes | https://github.com/advisories/GHSA-hvr8-466p-75rh | 38.0.0 |
| 2026-04-01T15:56:34.208027+00:00 | GHSA Importer | Affected by | VCID-zmd3-henq-r7bd | https://github.com/advisories/GHSA-3c5c-7235-994j | 38.0.0 |
| 2026-04-01T15:56:34.093651+00:00 | GHSA Importer | Affected by | VCID-e3gp-zc2b-budg | https://github.com/advisories/GHSA-rwr3-c2q8-gm56 | 38.0.0 |
| 2026-04-01T15:56:33.851173+00:00 | GHSA Importer | Affected by | VCID-dgds-v95g-pbcv | https://github.com/advisories/GHSA-hggx-3h72-49ww | 38.0.0 |