purl | pkg:pypi/pillow@0 |
Tags | Ghost |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-4wjc-1tuj-aaar (Aliases: CVE-2019-19911 GHSA-5gm3-px64-rw72 PYSEC-2020-172 PYSEC-2020-191) | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. | Affected by 40 other vulnerabilities. |
VCID-81yy-xgn8-aaan (Aliases: CVE-2016-9189 GHSA-rwr3-c2q8-gm56 PYSEC-2016-8) | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | Affected by 46 other vulnerabilities. |
VCID-9hys-qqgb-aaan (Aliases: CVE-2016-2533 GHSA-3c5c-7235-994j PYSEC-2016-19) | Buffer overflow in the `ImagingPcdDecode` function in `PcdDecode.c` allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | Affected by 49 other vulnerabilities. |
VCID-bj5f-81jk-aaar (Aliases: BIT-2020-5310 BIT-pillow-2020-5310 CVE-2020-5310 GHSA-vcqg-3p29-xw73 PYSEC-2020-81) | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | Affected by 40 other vulnerabilities. |
VCID-mchq-1526-aaad (Aliases: CVE-2016-4009 GHSA-hvr8-466p-75rh PYSEC-2016-7) | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. | Affected by 49 other vulnerabilities. |
VCID-mvs4-g3jg-aaaa (Aliases: BIT-2021-25289 BIT-pillow-2021-25289 CVE-2021-25289 GHSA-57h3-9rgr-c24m PYSEC-2021-35) | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | Affected by 22 other vulnerabilities. |
VCID-ncsj-wt9v-aaah (Aliases: BIT-2020-35653 BIT-pillow-2020-35653 CVE-2020-35653 GHSA-f5g8-5qq7-938w PYSEC-2021-69) | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | Affected by 30 other vulnerabilities. |
VCID-ntfy-6czr-aaan (Aliases: CVE-2016-0740 GHSA-hggx-3h72-49ww PYSEC-2016-5) | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | Affected by 49 other vulnerabilities. |
VCID-vyep-db8n-aaar (Aliases: BIT-pillow-2023-44271 CVE-2023-44271 GHSA-8ghj-p4vj-mr35 PYSEC-2023-227) | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. | Affected by 5 other vulnerabilities. |
VCID-z2ep-c7vk-aaah (Aliases: BIT-2021-25290 BIT-pillow-2021-25290 CVE-2021-25290 GHSA-8xjq-8fcg-g5hw PYSEC-2021-36) | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | Affected by 22 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2024-10-10T09:50:22.582956+00:00 | GHSA Importer | Affected by | VCID-ntfy-6czr-aaan | https://github.com/advisories/GHSA-hggx-3h72-49ww | 34.0.2 |
2024-10-08T22:15:44.428897+00:00 | GHSA Importer | Affected by | VCID-z2ep-c7vk-aaah | https://github.com/advisories/GHSA-8xjq-8fcg-g5hw | 34.0.2 |
2024-10-08T22:15:44.249970+00:00 | GHSA Importer | Affected by | VCID-mvs4-g3jg-aaaa | https://github.com/advisories/GHSA-57h3-9rgr-c24m | 34.0.2 |
2024-10-08T22:07:56.118038+00:00 | GHSA Importer | Affected by | VCID-bj5f-81jk-aaar | https://github.com/advisories/GHSA-vcqg-3p29-xw73 | 34.0.2 |
2024-10-08T22:07:55.874738+00:00 | GHSA Importer | Affected by | VCID-ncsj-wt9v-aaah | https://github.com/advisories/GHSA-f5g8-5qq7-938w | 34.0.2 |
2024-10-08T22:07:54.753709+00:00 | GHSA Importer | Affected by | VCID-4wjc-1tuj-aaar | https://github.com/advisories/GHSA-5gm3-px64-rw72 | 34.0.2 |
2024-10-08T21:59:34.028605+00:00 | GHSA Importer | Affected by | VCID-81yy-xgn8-aaan | https://github.com/advisories/GHSA-rwr3-c2q8-gm56 | 34.0.2 |
2024-10-08T21:59:33.905057+00:00 | GHSA Importer | Affected by | VCID-mchq-1526-aaad | https://github.com/advisories/GHSA-hvr8-466p-75rh | 34.0.2 |
2024-10-08T21:59:33.801049+00:00 | GHSA Importer | Affected by | VCID-9hys-qqgb-aaan | https://github.com/advisories/GHSA-3c5c-7235-994j | 34.0.2 |
2024-09-17T22:13:32.124527+00:00 | GHSA Importer | Affected by | VCID-vyep-db8n-aaar | https://github.com/advisories/GHSA-8ghj-p4vj-mr35 | 34.0.1 |
2024-04-23T17:41:27.386117+00:00 | GHSA Importer | Affected by | VCID-vyep-db8n-aaar | https://github.com/advisories/GHSA-8ghj-p4vj-mr35 | 34.0.0rc4 |
2024-01-19T20:15:34.402857+00:00 | GHSA Importer | Affected by | VCID-vyep-db8n-aaar | https://github.com/advisories/GHSA-8ghj-p4vj-mr35 | 34.0.0rc2 |
2024-01-03T17:43:43.364628+00:00 | GHSA Importer | Affected by | VCID-vyep-db8n-aaar | https://github.com/advisories/GHSA-8ghj-p4vj-mr35 | 34.0.0rc1 |