VulnerableCode Package Details - pkg:pypi/pillow@10.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-64n5-pugj-vue8 Aliases: CVE-2024-28219 GHSA-44wm-f244-xhp3	Pillow buffer overflow vulnerability In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.	10.3.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-64n5-pugj-vue8
Aliases:
CVE-2024-28219
GHSA-44wm-f244-xhp3

Pillow buffer overflow vulnerability In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

10.3.0
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9ckw-ra54-z3b7	Arbitrary Code Execution in Pillow Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).	CVE-2023-50447 GHSA-3f63-hfp8-52jq

Vulnerability

Summary

Aliases

VCID-9ckw-ra54-z3b7

Arbitrary Code Execution in Pillow Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447
GHSA-3f63-hfp8-52jq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:55:08.488766+00:00	GitLab Importer	Affected by	VCID-64n5-pugj-vue8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml	38.4.0
2026-04-16T22:48:14.700050+00:00	GitLab Importer	Fixing	VCID-9ckw-ra54-z3b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml	38.4.0
2026-04-12T00:13:40.564604+00:00	GitLab Importer	Affected by	VCID-64n5-pugj-vue8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml	38.3.0
2026-04-12T00:08:03.136752+00:00	GitLab Importer	Fixing	VCID-9ckw-ra54-z3b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml	38.3.0
2026-04-03T00:19:58.651729+00:00	GitLab Importer	Affected by	VCID-64n5-pugj-vue8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml	38.1.0
2026-04-03T00:12:42.522266+00:00	GitLab Importer	Fixing	VCID-9ckw-ra54-z3b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml	38.1.0
2026-04-01T16:04:21.744966+00:00	GHSA Importer	Fixing	VCID-9ckw-ra54-z3b7	https://github.com/advisories/GHSA-3f63-hfp8-52jq	38.0.0
2026-04-01T12:52:24.016020+00:00	GitLab Importer	Fixing	VCID-9ckw-ra54-z3b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml	38.0.0
2026-04-01T12:50:01.505055+00:00	GithubOSV Importer	Fixing	VCID-9ckw-ra54-z3b7	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-3f63-hfp8-52jq/GHSA-3f63-hfp8-52jq.json	38.0.0