Search for packages
| purl | pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u1 |
| Tags | Ghost |
| Next non-vulnerable version | 9.4.0-1.1+deb12u1 |
| Latest non-vulnerable version | 9.4.0-1.1+deb12u1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bnjc-ytj1-aaaq
Aliases: BIT-2021-23437 BIT-pillow-2021-23437 CVE-2021-23437 GHSA-98vv-pw6r-q6q4 PYSEC-2021-317 SNYK-PYTHON-PILLOW-1319443 |
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-frct-6cfh-aaae
Aliases: BIT-2022-24303 BIT-pillow-2022-24303 CVE-2022-24303 GHSA-9j59-75qj-795w GMS-2022-348 PYSEC-2022-168 |
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-rhnd-s6hv-aaar
Aliases: BIT-2022-45198 BIT-pillow-2022-45198 CVE-2022-45198 GHSA-m2vv-5vj5-2hm7 PYSEC-2022-42979 |
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-vyep-db8n-aaar
Aliases: BIT-pillow-2023-44271 CVE-2023-44271 GHSA-8ghj-p4vj-mr35 PYSEC-2023-227 |
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ydt8-c1kr-aaak
Aliases: CVE-2023-50447 GHSA-3f63-hfp8-52jq |
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-05-20T15:07:32.583793+00:00 | Debian Importer | Affected by | VCID-ydt8-c1kr-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-26T05:20:52.469479+00:00 | Debian Importer | Affected by | VCID-vyep-db8n-aaar | None | 34.0.0rc4 |
| 2024-04-26T05:20:49.012062+00:00 | Debian Importer | Affected by | VCID-vyep-db8n-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-25T21:40:39.747599+00:00 | Debian Importer | Affected by | VCID-rhnd-s6hv-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-25T21:40:38.185115+00:00 | Debian Importer | Affected by | VCID-rhnd-s6hv-aaar | None | 34.0.0rc4 |
| 2024-04-25T12:36:54.822735+00:00 | Debian Importer | Affected by | VCID-frct-6cfh-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-25T12:36:53.273612+00:00 | Debian Importer | Affected by | VCID-frct-6cfh-aaae | None | 34.0.0rc4 |
| 2024-04-24T22:08:18.420327+00:00 | Debian Importer | Fixing | VCID-zvvz-7rud-aaae | None | 34.0.0rc4 |
| 2024-04-24T22:08:17.629643+00:00 | Debian Importer | Fixing | VCID-zvvz-7rud-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T22:08:04.386507+00:00 | Debian Importer | Fixing | VCID-exhd-udnk-aaah | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T22:08:03.614204+00:00 | Debian Importer | Fixing | VCID-exhd-udnk-aaah | None | 34.0.0rc4 |
| 2024-04-24T21:56:35.969399+00:00 | Debian Importer | Fixing | VCID-1baj-rk3p-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T21:56:35.166578+00:00 | Debian Importer | Fixing | VCID-1baj-rk3p-aaae | None | 34.0.0rc4 |
| 2024-04-24T21:56:26.828243+00:00 | Debian Importer | Fixing | VCID-sbr2-5baf-aaaf | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T21:56:21.373047+00:00 | Debian Importer | Fixing | VCID-sbr2-5baf-aaaf | None | 34.0.0rc4 |
| 2024-04-24T21:56:06.798991+00:00 | Debian Importer | Fixing | VCID-nf4x-jfmp-aaak | None | 34.0.0rc4 |
| 2024-04-24T21:56:06.039910+00:00 | Debian Importer | Fixing | VCID-nf4x-jfmp-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T21:55:55.916024+00:00 | Debian Importer | Fixing | VCID-mwb8-9e71-aaaj | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T21:55:49.974746+00:00 | Debian Importer | Fixing | VCID-mwb8-9e71-aaaj | None | 34.0.0rc4 |
| 2024-04-24T21:47:20.926959+00:00 | Debian Importer | Affected by | VCID-bnjc-ytj1-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T21:47:20.170459+00:00 | Debian Importer | Affected by | VCID-bnjc-ytj1-aaaq | None | 34.0.0rc4 |
| 2024-04-24T17:02:17.258095+00:00 | Debian Importer | Fixing | VCID-sms2-hnwp-aaan | None | 34.0.0rc4 |
| 2024-04-24T17:02:16.487182+00:00 | Debian Importer | Fixing | VCID-sms2-hnwp-aaan | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-01-12T07:53:09.604102+00:00 | Debian Importer | Affected by | VCID-rhnd-s6hv-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-12T07:53:07.989053+00:00 | Debian Importer | Affected by | VCID-rhnd-s6hv-aaar | None | 34.0.0rc2 |
| 2024-01-11T14:29:30.764233+00:00 | Debian Importer | Affected by | VCID-frct-6cfh-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-11T14:29:27.683349+00:00 | Debian Importer | Affected by | VCID-frct-6cfh-aaae | None | 34.0.0rc2 |
| 2024-01-10T22:57:36.471891+00:00 | Debian Importer | Fixing | VCID-zvvz-7rud-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T22:57:26.996137+00:00 | Debian Importer | Fixing | VCID-zvvz-7rud-aaae | None | 34.0.0rc2 |
| 2024-01-10T22:57:20.853753+00:00 | Debian Importer | Fixing | VCID-exhd-udnk-aaah | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T22:57:07.718853+00:00 | Debian Importer | Fixing | VCID-exhd-udnk-aaah | None | 34.0.0rc2 |
| 2024-01-10T22:45:53.627346+00:00 | Debian Importer | Fixing | VCID-1baj-rk3p-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T22:45:52.856648+00:00 | Debian Importer | Fixing | VCID-1baj-rk3p-aaae | None | 34.0.0rc2 |
| 2024-01-10T22:45:49.962327+00:00 | Debian Importer | Fixing | VCID-sbr2-5baf-aaaf | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T22:45:39.689662+00:00 | Debian Importer | Fixing | VCID-sbr2-5baf-aaaf | None | 34.0.0rc2 |
| 2024-01-10T22:45:34.662997+00:00 | Debian Importer | Fixing | VCID-nf4x-jfmp-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T22:45:26.407961+00:00 | Debian Importer | Fixing | VCID-nf4x-jfmp-aaak | None | 34.0.0rc2 |
| 2024-01-10T22:45:25.606942+00:00 | Debian Importer | Fixing | VCID-mwb8-9e71-aaaj | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T22:45:13.932222+00:00 | Debian Importer | Fixing | VCID-mwb8-9e71-aaaj | None | 34.0.0rc2 |
| 2024-01-10T22:41:25.249336+00:00 | Debian Importer | Affected by | VCID-bnjc-ytj1-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T22:41:24.468512+00:00 | Debian Importer | Affected by | VCID-bnjc-ytj1-aaaq | None | 34.0.0rc2 |
| 2024-01-10T18:59:02.421119+00:00 | Debian Importer | Fixing | VCID-sms2-hnwp-aaan | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T18:58:53.092714+00:00 | Debian Importer | Fixing | VCID-sms2-hnwp-aaan | None | 34.0.0rc2 |
| 2024-01-05T09:51:42.922524+00:00 | Debian Importer | Affected by | VCID-vyep-db8n-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-05T09:51:42.069482+00:00 | Debian Importer | Affected by | VCID-vyep-db8n-aaar | None | 34.0.0rc1 |
| 2024-01-05T05:49:03.079034+00:00 | Debian Importer | Affected by | VCID-rhnd-s6hv-aaar | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-05T05:49:01.492514+00:00 | Debian Importer | Affected by | VCID-rhnd-s6hv-aaar | None | 34.0.0rc1 |
| 2024-01-05T00:00:37.679891+00:00 | Debian Importer | Affected by | VCID-frct-6cfh-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-05T00:00:34.309060+00:00 | Debian Importer | Affected by | VCID-frct-6cfh-aaae | None | 34.0.0rc1 |
| 2024-01-04T12:06:16.566396+00:00 | Debian Importer | Fixing | VCID-zvvz-7rud-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T12:06:09.449721+00:00 | Debian Importer | Fixing | VCID-zvvz-7rud-aaae | None | 34.0.0rc1 |
| 2024-01-04T12:06:04.001124+00:00 | Debian Importer | Fixing | VCID-exhd-udnk-aaah | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T12:05:57.470898+00:00 | Debian Importer | Fixing | VCID-exhd-udnk-aaah | None | 34.0.0rc1 |
| 2024-01-04T11:56:10.103821+00:00 | Debian Importer | Fixing | VCID-1baj-rk3p-aaae | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T11:56:09.302330+00:00 | Debian Importer | Fixing | VCID-1baj-rk3p-aaae | None | 34.0.0rc1 |
| 2024-01-04T11:56:06.434428+00:00 | Debian Importer | Fixing | VCID-sbr2-5baf-aaaf | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T11:55:56.806379+00:00 | Debian Importer | Fixing | VCID-sbr2-5baf-aaaf | None | 34.0.0rc1 |
| 2024-01-04T11:55:51.864207+00:00 | Debian Importer | Fixing | VCID-nf4x-jfmp-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T11:55:43.921263+00:00 | Debian Importer | Fixing | VCID-nf4x-jfmp-aaak | None | 34.0.0rc1 |
| 2024-01-04T11:55:43.158654+00:00 | Debian Importer | Fixing | VCID-mwb8-9e71-aaaj | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T11:55:31.811333+00:00 | Debian Importer | Fixing | VCID-mwb8-9e71-aaaj | None | 34.0.0rc1 |
| 2024-01-04T11:51:54.545619+00:00 | Debian Importer | Affected by | VCID-bnjc-ytj1-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T11:51:53.721209+00:00 | Debian Importer | Affected by | VCID-bnjc-ytj1-aaaq | None | 34.0.0rc1 |
| 2024-01-04T08:27:57.326169+00:00 | Debian Importer | Fixing | VCID-sms2-hnwp-aaan | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T08:27:48.555667+00:00 | Debian Importer | Fixing | VCID-sms2-hnwp-aaan | None | 34.0.0rc1 |