Package details: pkg:rpm/redhat/python-pillow@5.1.1-16?arch=el8
purl: pkg:rpm/redhat/python-pillow@5.1.1-16?arch=el8
Next non-vulnerable version: None
Latest non-vulnerable version: None
Risk: 4.5
Vulnerabilities affecting this package (15)
Vulnerability Summary Fixed by
VCID-3qb5-8p8w-gkad
Aliases:
BIT-pillow-2021-27921
CVE-2021-27921
GHSA-f4w8-cv6p-x6r5
PYSEC-2021-40
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. There are no reported fixed by versions.
VCID-3uk9-eds5-rkgc
Aliases:
BIT-pillow-2021-28675
CVE-2021-28675
GHSA-g6rj-rv7j-xwp4
PYSEC-2021-139
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. There are no reported fixed by versions.
VCID-53ac-ceq4-qkhf
Aliases:
BIT-pillow-2021-27922
CVE-2021-27922
GHSA-3wvg-mj6g-m9cv
PYSEC-2021-41
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. There are no reported fixed by versions.
VCID-7bjx-gkf7-cke9
Aliases:
BIT-pillow-2020-35655
CVE-2020-35655
GHSA-hf64-x4gq-p99h
PYSEC-2021-71
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. There are no reported fixed by versions.
VCID-aubw-tsmn-ffcq
Aliases:
BIT-pillow-2021-28677
CVE-2021-28677
GHSA-q5hq-fp76-qmrc
PYSEC-2021-93
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. There are no reported fixed by versions.
VCID-gvjw-funa-sqak
Aliases:
BIT-pillow-2021-27923
CVE-2021-27923
GHSA-95q3-8gr9-gm8w
PYSEC-2021-42
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. There are no reported fixed by versions.
VCID-n1w5-f5p7-xuhb
Aliases:
BIT-pillow-2021-25287
CVE-2021-25287
GHSA-77gc-v2xv-rvvh
PYSEC-2021-137
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. There are no reported fixed by versions.
VCID-p6r3-puh1-zyg6
Aliases:
BIT-pillow-2021-25293
CVE-2021-25293
GHSA-p43w-g3c5-g5mq
PYSEC-2021-39
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. There are no reported fixed by versions.
VCID-rncf-9nf8-wud3
Aliases:
BIT-pillow-2021-25290
CVE-2021-25290
GHSA-8xjq-8fcg-g5hw
PYSEC-2021-36
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. There are no reported fixed by versions.
VCID-ue18-zzau-x7hy
Aliases:
BIT-pillow-2021-25288
CVE-2021-25288
GHSA-rwv7-3v45-hg29
PYSEC-2021-138
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. There are no reported fixed by versions.
VCID-vxh1-8rvt-kkak
Aliases:
BIT-pillow-2021-25292
CVE-2021-25292
GHSA-9hx2-hgq2-2g4f
PYSEC-2021-38
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. There are no reported fixed by versions.
VCID-vyzt-df2u-h3cc
Aliases:
BIT-pillow-2021-28678
CVE-2021-28678
GHSA-hjfx-8p6c-g7gx
PYSEC-2021-94
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. There are no reported fixed by versions.
VCID-w9uy-fnpm-cbak
Aliases:
BIT-pillow-2021-34552
CVE-2021-34552
GHSA-7534-mm45-c74v
PYSEC-2021-331
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. There are no reported fixed by versions.
VCID-x15z-dejc-9ba6
Aliases:
BIT-pillow-2020-35653
CVE-2020-35653
GHSA-f5g8-5qq7-938w
PYSEC-2021-69
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. There are no reported fixed by versions.
VCID-xesd-d294-7fcx
Aliases:
BIT-pillow-2021-28676
CVE-2021-28676
GHSA-7r7m-5h27-29hp
PYSEC-2021-92
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:03:35.500087+00:00 RedHat Importer Affected by VCID-7bjx-gkf7-cke9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35655.json 38.0.0
2026-04-01T14:03:35.450369+00:00 RedHat Importer Affected by VCID-x15z-dejc-9ba6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35653.json 38.0.0
2026-04-01T14:03:05.034797+00:00 RedHat Importer Affected by VCID-p6r3-puh1-zyg6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25293.json 38.0.0
2026-04-01T14:03:05.003518+00:00 RedHat Importer Affected by VCID-vxh1-8rvt-kkak https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25292.json 38.0.0
2026-04-01T14:03:04.954600+00:00 RedHat Importer Affected by VCID-rncf-9nf8-wud3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25290.json 38.0.0
2026-04-01T14:02:59.434781+00:00 RedHat Importer Affected by VCID-gvjw-funa-sqak https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27923.json 38.0.0
2026-04-01T14:02:59.408481+00:00 RedHat Importer Affected by VCID-53ac-ceq4-qkhf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27922.json 38.0.0
2026-04-01T14:02:59.382048+00:00 RedHat Importer Affected by VCID-3qb5-8p8w-gkad https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27921.json 38.0.0
2026-04-01T14:02:36.492068+00:00 RedHat Importer Affected by VCID-vyzt-df2u-h3cc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28678.json 38.0.0
2026-04-01T14:02:36.465607+00:00 RedHat Importer Affected by VCID-aubw-tsmn-ffcq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28677.json 38.0.0
2026-04-01T14:02:36.441187+00:00 RedHat Importer Affected by VCID-xesd-d294-7fcx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28676.json 38.0.0
2026-04-01T14:02:36.413893+00:00 RedHat Importer Affected by VCID-3uk9-eds5-rkgc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28675.json 38.0.0
2026-04-01T14:02:36.389510+00:00 RedHat Importer Affected by VCID-ue18-zzau-x7hy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25288.json 38.0.0
2026-04-01T14:02:36.365257+00:00 RedHat Importer Affected by VCID-n1w5-f5p7-xuhb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25287.json 38.0.0
2026-04-01T14:01:53.765467+00:00 RedHat Importer Affected by VCID-w9uy-fnpm-cbak https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json 38.0.0