Search for packages
| purl | pkg:pypi/pillow@8.3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4qfp-jk4u-aaaf
Aliases: GHSA-4fx9-vc88-q2xc GMS-2022-347 |
Infinite loop in Pillow |
Affected by 10 other vulnerabilities. |
|
VCID-5557-vu7d-aaaa
Aliases: CVE-2023-4863 GHSA-j7hp-h8jx-5ppr |
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) |
Affected by 2 other vulnerabilities. |
|
VCID-74p8-mazs-aaae
Aliases: BIT-2022-22816 BIT-pillow-2022-22816 CVE-2022-22816 GHSA-xrcv-f9gm-v42c PYSEC-2022-9 |
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. |
Affected by 10 other vulnerabilities. |
|
VCID-9rup-wxea-aaab
Aliases: GHSA-56pw-mpj4-fxww GMS-2023-3137 |
Bundled libwebp in Pillow vulnerable |
Affected by 2 other vulnerabilities. |
|
VCID-ar3g-bygk-aaan
Aliases: BIT-2022-22817 BIT-pillow-2022-22817 CVE-2022-22817 GHSA-8vj2-vxx3-667w PYSEC-2022-10 |
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used. |
Affected by 10 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-bnjc-ytj1-aaaq
Aliases: BIT-2021-23437 BIT-pillow-2021-23437 CVE-2021-23437 GHSA-98vv-pw6r-q6q4 PYSEC-2021-317 SNYK-PYTHON-PILLOW-1319443 |
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. |
Affected by 13 other vulnerabilities. |
|
VCID-frct-6cfh-aaae
Aliases: BIT-2022-24303 BIT-pillow-2022-24303 CVE-2022-24303 GHSA-9j59-75qj-795w GMS-2022-348 PYSEC-2022-168 |
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. |
Affected by 8 other vulnerabilities. |
|
VCID-fxbu-9mp4-aaap
Aliases: BIT-2022-45199 BIT-pillow-2022-45199 CVE-2022-45199 GHSA-q4mp-jvh2-76fj PYSEC-2022-42980 |
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. |
Affected by 6 other vulnerabilities. |
|
VCID-htzr-e6cg-aaar
Aliases: BIT-2022-22815 BIT-pillow-2022-22815 CVE-2022-22815 GHSA-pw3c-h7wp-cvhx PYSEC-2022-8 |
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. |
Affected by 10 other vulnerabilities. |
|
VCID-j3u2-u8bx-aaam
Aliases: PYSEC-2023-175 |
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. imagecodecs v10.0.1 upgrades the bundled libwebp binary to v1.3.2. |
Affected by 2 other vulnerabilities. |
|
VCID-rhnd-s6hv-aaar
Aliases: BIT-2022-45198 BIT-pillow-2022-45198 CVE-2022-45198 GHSA-m2vv-5vj5-2hm7 PYSEC-2022-42979 |
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). |
Affected by 7 other vulnerabilities. |
|
VCID-vyep-db8n-aaar
Aliases: BIT-pillow-2023-44271 CVE-2023-44271 GHSA-8ghj-p4vj-mr35 PYSEC-2023-227 |
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. |
Affected by 5 other vulnerabilities. |
|
VCID-ydt8-c1kr-aaak
Aliases: CVE-2023-50447 GHSA-3f63-hfp8-52jq |
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). |
Affected by 1 other vulnerability. |
|
VCID-zbbs-5sps-aaas
Aliases: CVE-2024-28219 GHSA-44wm-f244-xhp3 |
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||