VulnerableCode Package Details - pkg:pypi/pillow@10.0.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-64n5-pugj-vue8 Aliases: CVE-2024-28219 GHSA-44wm-f244-xhp3	Pillow buffer overflow vulnerability In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.	10.3.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9ckw-ra54-z3b7 Aliases: CVE-2023-50447 GHSA-3f63-hfp8-52jq	Arbitrary Code Execution in Pillow Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).	10.2.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-64n5-pugj-vue8
Aliases:
CVE-2024-28219
GHSA-44wm-f244-xhp3

Pillow buffer overflow vulnerability In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

10.3.0
Affected by 2 other vulnerabilities.

VCID-9ckw-ra54-z3b7
Aliases:
CVE-2023-50447
GHSA-3f63-hfp8-52jq

Arbitrary Code Execution in Pillow Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

10.2.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-5rv4-k1q9-zue2	Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.	PYSEC-2023-175
VCID-d7uf-zdbv-sba1	Duplicate This advisory duplicates another.	GHSA-56pw-mpj4-fxww GMS-2023-3137
VCID-vdzj-kqfy-d3b7	libwebp: OOB write in BuildHuffmanTable Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.	CVE-2023-4863 GHSA-j7hp-h8jx-5ppr

Vulnerability

Summary

Aliases

VCID-5rv4-k1q9-zue2

Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

PYSEC-2023-175

VCID-d7uf-zdbv-sba1

Duplicate This advisory duplicates another.

GHSA-56pw-mpj4-fxww
GMS-2023-3137

VCID-vdzj-kqfy-d3b7

libwebp: OOB write in BuildHuffmanTable Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVE-2023-4863
GHSA-j7hp-h8jx-5ppr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:55:08.481798+00:00	GitLab Importer	Affected by	VCID-64n5-pugj-vue8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml	38.4.0
2026-04-16T22:48:14.692708+00:00	GitLab Importer	Affected by	VCID-9ckw-ra54-z3b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml	38.4.0
2026-04-16T22:40:03.280841+00:00	GitLab Importer	Fixing	VCID-d7uf-zdbv-sba1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml	38.4.0
2026-04-12T00:13:40.557305+00:00	GitLab Importer	Affected by	VCID-64n5-pugj-vue8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml	38.3.0
2026-04-12T00:08:03.129589+00:00	GitLab Importer	Affected by	VCID-9ckw-ra54-z3b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml	38.3.0
2026-04-11T23:59:30.724967+00:00	GitLab Importer	Fixing	VCID-d7uf-zdbv-sba1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml	38.3.0
2026-04-03T00:19:58.644235+00:00	GitLab Importer	Affected by	VCID-64n5-pugj-vue8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml	38.1.0
2026-04-03T00:12:42.513960+00:00	GitLab Importer	Affected by	VCID-9ckw-ra54-z3b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml	38.1.0
2026-04-03T00:02:34.349900+00:00	GitLab Importer	Fixing	VCID-d7uf-zdbv-sba1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml	38.1.0
2026-04-02T17:00:22.302804+00:00	GHSA Importer	Fixing	VCID-d7uf-zdbv-sba1	https://github.com/advisories/GHSA-56pw-mpj4-fxww	38.1.0
2026-04-02T17:00:12.619940+00:00	GHSA Importer	Fixing	VCID-vdzj-kqfy-d3b7	https://github.com/advisories/GHSA-j7hp-h8jx-5ppr	38.1.0
2026-04-01T15:14:49.807792+00:00	PyPI Importer	Fixing	VCID-5rv4-k1q9-zue2	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T12:57:50.960581+00:00	GithubOSV Importer	Fixing	VCID-vdzj-kqfy-d3b7	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-j7hp-h8jx-5ppr/GHSA-j7hp-h8jx-5ppr.json	38.0.0
2026-04-01T12:57:22.105273+00:00	GithubOSV Importer	Fixing	VCID-d7uf-zdbv-sba1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-56pw-mpj4-fxww/GHSA-56pw-mpj4-fxww.json	38.0.0
2026-04-01T12:51:54.066660+00:00	GitLab Importer	Fixing	VCID-d7uf-zdbv-sba1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml	38.0.0
2026-04-01T12:51:47.783920+00:00	GitLab Importer	Fixing	VCID-vdzj-kqfy-d3b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml	38.0.0
2026-04-01T12:50:24.002864+00:00	Pypa Importer	Fixing	VCID-5rv4-k1q9-zue2	https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-175.yaml	38.0.0