Package details: pkg:pypi/pillow@10.2.0
purl: pkg:pypi/pillow@10.2.0
Next non-vulnerable version: 10.3.0
Latest non-vulnerable version: 10.3.0
Risk: 4.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-zbbs-5sps-aaas
Aliases: CVE-2024-28219, GHSA-44wm-f244-xhp3
Summary: In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Fixed by: 10.3.0 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-ydt8-c1kr-aaak
Summary: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Aliases: CVE-2023-50447, GHSA-3f63-hfp8-52jq

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T16:56:13.574097+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 36.1.3
2025-06-20T16:51:16.975732+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 36.1.3
2025-06-03T23:33:02.761687+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 36.1.0
2025-06-03T23:28:37.382296+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 36.1.0
2025-06-02T23:30:56.584112+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 36.1.2
2025-06-02T23:26:16.438409+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 36.1.2
2025-04-03T22:01:40.290605+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 36.0.0
2025-04-03T21:51:53.667005+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 36.0.0
2025-02-18T03:52:08.940199+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 35.1.0
2025-02-18T03:42:02.358063+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 35.1.0
2024-11-22T06:16:22.840997+00:00 GithubOSV Importer Fixing VCID-ydt8-c1kr-aaak https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-3f63-hfp8-52jq/GHSA-3f63-hfp8-52jq.json 35.0.0
2024-11-21T01:05:09.578755+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 35.0.0
2024-11-21T00:59:54.805622+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 35.0.0
2024-11-19T19:44:47.319029+00:00 GHSA Importer Fixing VCID-ydt8-c1kr-aaak https://github.com/advisories/GHSA-3f63-hfp8-52jq 34.3.2
2024-11-19T00:54:13.851103+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 34.3.2
2024-11-19T00:48:32.679506+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 34.3.2
2024-10-15T19:18:03.137777+00:00 GithubOSV Importer Fixing VCID-ydt8-c1kr-aaak https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-3f63-hfp8-52jq/GHSA-3f63-hfp8-52jq.json 34.0.2
2024-10-08T01:25:05.678119+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 34.0.2
2024-10-08T01:20:27.395529+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 34.0.2
2024-10-07T22:08:55.151539+00:00 GHSA Importer Affected by VCID-zbbs-5sps-aaas https://github.com/advisories/GHSA-44wm-f244-xhp3 34.0.2
2024-10-07T21:49:12.691690+00:00 GHSA Importer Fixing VCID-ydt8-c1kr-aaak https://github.com/advisories/GHSA-3f63-hfp8-52jq 34.0.2
2024-09-23T01:29:57.503278+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 34.0.1
2024-09-22T22:36:08.771694+00:00 GHSA Importer Affected by VCID-zbbs-5sps-aaas https://github.com/advisories/GHSA-44wm-f244-xhp3 34.0.1
2024-09-18T09:21:22.569242+00:00 GithubOSV Importer Fixing VCID-ydt8-c1kr-aaak https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-3f63-hfp8-52jq/GHSA-3f63-hfp8-52jq.json 34.0.1
2024-09-17T22:27:03.673110+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 34.0.1
2024-09-17T22:13:23.897248+00:00 GHSA Importer Fixing VCID-ydt8-c1kr-aaak https://github.com/advisories/GHSA-3f63-hfp8-52jq 34.0.1
2024-05-18T00:35:07.749693+00:00 GitLab Importer Affected by VCID-zbbs-5sps-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 34.0.0rc4
2024-04-23T23:13:45.609311+00:00 GithubOSV Importer Fixing VCID-ydt8-c1kr-aaak https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-3f63-hfp8-52jq/GHSA-3f63-hfp8-52jq.json 34.0.0rc4
2024-04-23T17:43:03.418479+00:00 GitLab Importer Fixing VCID-ydt8-c1kr-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 34.0.0rc4
2024-04-23T17:41:26.940554+00:00 GHSA Importer Fixing VCID-ydt8-c1kr-aaak https://github.com/advisories/GHSA-3f63-hfp8-52jq 34.0.0rc4
2024-01-22T23:38:01.773622+00:00 GHSA Importer Fixing VCID-ydt8-c1kr-aaak https://github.com/advisories/GHSA-3f63-hfp8-52jq 34.0.0rc2