Search for packages
| purl | pkg:pypi/pillow@9.3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5557-vu7d-aaaa
Aliases: CVE-2023-4863 GHSA-j7hp-h8jx-5ppr |
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) |
Affected by 2 other vulnerabilities. |
|
VCID-9rup-wxea-aaab
Aliases: GHSA-56pw-mpj4-fxww GMS-2023-3137 |
Bundled libwebp in Pillow vulnerable |
Affected by 2 other vulnerabilities. |
|
VCID-j3u2-u8bx-aaam
Aliases: PYSEC-2023-175 |
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. imagecodecs v10.0.1 upgrades the bundled libwebp binary to v1.3.2. |
Affected by 2 other vulnerabilities. |
|
VCID-vyep-db8n-aaar
Aliases: BIT-pillow-2023-44271 CVE-2023-44271 GHSA-8ghj-p4vj-mr35 PYSEC-2023-227 |
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. |
Affected by 5 other vulnerabilities. |
|
VCID-ydt8-c1kr-aaak
Aliases: CVE-2023-50447 GHSA-3f63-hfp8-52jq |
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). |
Affected by 1 other vulnerability. |
|
VCID-zbbs-5sps-aaas
Aliases: CVE-2024-28219 GHSA-44wm-f244-xhp3 |
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-fxbu-9mp4-aaap | Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. |
BIT-2022-45199
BIT-pillow-2022-45199 CVE-2022-45199 GHSA-q4mp-jvh2-76fj PYSEC-2022-42980 |