| purl | pkg:pypi/pillow@0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-5wm9-zath-x7dy Aliases: CVE-2019-19911 GHSA-5gm3-px64-rw72 PYSEC-2020-172 | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. | Affected by 37 other vulnerabilities. |
| VCID-9865-t7wz-gqgw Aliases: CVE-2016-9189 GHSA-rwr3-c2q8-gm56 PYSEC-2016-8 | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | Affected by 44 other vulnerabilities. |
| VCID-cpms-qu5p-bffb Aliases: BIT-pillow-2020-35653 CVE-2020-35653 GHSA-f5g8-5qq7-938w PYSEC-2021-69 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | Affected by 29 other vulnerabilities. |
| VCID-e51c-zvqh-bbdk Aliases: BIT-pillow-2021-25290 CVE-2021-25290 GHSA-8xjq-8fcg-g5hw PYSEC-2021-36 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | Affected by 24 other vulnerabilities. |
| VCID-eaaj-uw3r-jqf3 Aliases: CVE-2016-0740 GHSA-hggx-3h72-49ww PYSEC-2016-5 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | Affected by 47 other vulnerabilities. |
| VCID-egyy-erjx-tuey Aliases: BIT-pillow-2021-25289 CVE-2021-25289 GHSA-57h3-9rgr-c24m PYSEC-2021-35 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | Affected by 24 other vulnerabilities. |
| VCID-uvwy-jm9c-v7ev Aliases: CVE-2016-2533 GHSA-3c5c-7235-994j PYSEC-2016-19 | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | Affected by 47 other vulnerabilities. |
| VCID-v8cj-pcn6-juff Aliases: BIT-pillow-2023-44271 CVE-2023-44271 GHSA-8ghj-p4vj-mr35 PYSEC-2023-227 | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. | Affected by 5 other vulnerabilities. |
| VCID-ztzc-n13b-5fcw Aliases: CVE-2016-4009 GHSA-hvr8-466p-75rh PYSEC-2016-7 | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. | Affected by 47 other vulnerabilities. |
| VCID-zv8x-5snd-f3e3 Aliases: BIT-pillow-2020-5310 CVE-2020-5310 GHSA-vcqg-3p29-xw73 PYSEC-2020-81 | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | Affected by 37 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T13:42:38.144570+00:00 | GHSA Importer | Affected by | VCID-v8cj-pcn6-juff | https://github.com/advisories/GHSA-8ghj-p4vj-mr35 | 37.0.0 |
| 2025-08-01T13:39:57.684935+00:00 | GHSA Importer | Affected by | VCID-zv8x-5snd-f3e3 | https://github.com/advisories/GHSA-vcqg-3p29-xw73 | 37.0.0 |
| 2025-08-01T13:37:14.981508+00:00 | GHSA Importer | Affected by | VCID-e51c-zvqh-bbdk | https://github.com/advisories/GHSA-8xjq-8fcg-g5hw | 37.0.0 |
| 2025-08-01T13:37:14.907165+00:00 | GHSA Importer | Affected by | VCID-egyy-erjx-tuey | https://github.com/advisories/GHSA-57h3-9rgr-c24m | 37.0.0 |
| 2025-08-01T13:37:08.523869+00:00 | GHSA Importer | Affected by | VCID-cpms-qu5p-bffb | https://github.com/advisories/GHSA-f5g8-5qq7-938w | 37.0.0 |
| 2025-07-31T12:29:08.364936+00:00 | GHSA Importer | Affected by | VCID-5wm9-zath-x7dy | https://github.com/advisories/GHSA-5gm3-px64-rw72 | 37.0.0 |
| 2025-07-31T12:27:21.444610+00:00 | GHSA Importer | Affected by | VCID-ztzc-n13b-5fcw | https://github.com/advisories/GHSA-hvr8-466p-75rh | 37.0.0 |
| 2025-07-31T12:27:21.372112+00:00 | GHSA Importer | Affected by | VCID-uvwy-jm9c-v7ev | https://github.com/advisories/GHSA-3c5c-7235-994j | 37.0.0 |
| 2025-07-31T12:27:21.231579+00:00 | GHSA Importer | Affected by | VCID-9865-t7wz-gqgw | https://github.com/advisories/GHSA-rwr3-c2q8-gm56 | 37.0.0 |
| 2025-07-31T12:27:20.941098+00:00 | GHSA Importer | Affected by | VCID-eaaj-uw3r-jqf3 | https://github.com/advisories/GHSA-hggx-3h72-49ww | 37.0.0 |