Latest python pillow Vulnerabilities

Pillow 10.2.0 released, fixes CVE-2023-50447
pip/Pillow<10.2.0
Python Pillow<=10.1.0
Debian Debian Linux=10.0
ubuntu/pillow<7.0.0-4ubuntu0.8
ubuntu/pillow<9.0.1-1ubuntu0.2
ubuntu/pillow<10.0.0-1ubuntu0.1
and 2 more
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of ...
redhat/Pillow<10.0.0
pip/pillow>=0<10.0.0
Python Pillow<10.0.0
Fedoraproject Fedora=38
ubuntu/pillow<7.0.0-4ubuntu0.8
ubuntu/pillow<9.0.1-1ubuntu0.2
and 2 more
Pillow starting with 9.2.0 and prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DOS in TiffImagePlugin.py when s...
pip/pillow>=9.2.0<9.3.0
Python Pillow<9.3.0
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
pip/pillow<9.2.0
Python Pillow<9.2.0
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
Python Pillow=9.1.0
pip/Pillow=9.1.0
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
pip/Pillow<9.0.1
Python Pillow<9.0.1
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 1 more
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
Python Pillow<9.0.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/pillow
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
pip/Pillow<9.0.0
Python Pillow<9.0.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/pillow
`PIL.ImageMath.eval` in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method `ImageMath.eval("exec(exit())")`. While Pillow 9.0.0 restricted to...
Python Pillow<9.0.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/pillow
Regular Expression Denial of Service (ReDoS)
pip/pillow>=5.2.0<8.3.2
Python Pillow>=5.2.0<8.3.2
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Python Pillow>=1.0<=1.1.7
Python Pillow>=1.2<=8.2.0
Debian Debian Linux=9.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
redhat/python-pillow<0:5.1.1-16.el8
A flaw was found in python-pillow. The readline used in EPS has to deal with any combination of \r and \n as line endings. It accidentally used a quadratic method of accumulating lines while looking f...
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.2.0
Fedoraproject Fedora=33
redhat/python-pillow<8.2.0
pip/Pillow<8.2.0
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.2.0
Fedoraproject Fedora=33
An issue was discovered in Pillow before 8.2.0. `PSDImagePlugin.PsdImageFile` lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on `I...
pip/Pillow<8.2.0
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.2.0
Fedoraproject Fedora=33
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder...
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.2.0
Fedoraproject Fedora=33
pip/Pillow>=5.1.0<8.2.0
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
pip/Pillow<8.2.0
Python Pillow<8.2.0
Fedoraproject Fedora=33
redhat/python-pillow<8.2.0
redhat/python-pillow<0:5.1.1-16.el8
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
Python Pillow<8.2.0
Fedoraproject Fedora=33
redhat/python-pillow<0:5.1.1-16.el8
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempte...
pip/Pillow<8.1.1
redhat/python-pillow<8.1.2
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.1.1
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 1 more
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted...
pip/Pillow<8.1.1
redhat/python-pillow<8.1.2
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.1.1
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 1 more
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempt...
pip/Pillow<8.1.1
redhat/python-pillow<8.1.2
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.1.1
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 1 more
A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c.
Python Pillow<8.1.1
pip/Pillow<8.2.0
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.1.1
Debian Debian Linux=9.0
pip/Pillow<8.1.1
A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The previous fix...
Python Pillow<8.1.1
redhat/python-pillow<8.1.1
pip/Pillow=8.1.0
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
Python Pillow<8.1.1
redhat/python-pillow<0:5.1.1-16.el8
redhat/python-pillow<8.1.1
pip/Pillow>=5.1.0<8.1.1
A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c.
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.1.1
redhat/python-pillow<8.1.1
pip/Pillow>=4.3.0<8.1.1
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
Python Pillow<8.1.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
redhat/python-pillow<8.1.0
pip/Pillow<8.1.0
ubuntu/pillow<7.0.0-4ubuntu0.2
and 3 more
A flaw was found in python-pillow. SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow>=4.3.0<8.1.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
redhat/python-pillow<8.1.0
pip/Pillow<8.1.0
and 5 more
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
pip/Pillow<8.1.0
redhat/python-pillow<0:5.1.1-16.el8
Python Pillow<8.1.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Debian Debian Linux=9.0
and 8 more
A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
pip/Pillow<7.1.0
Python Pillow<7.1.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 7 more
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
redhat/python-pillow<0:5.1.1-12.el8_2
redhat/python-pillow<0:5.1.1-11.el8_0
redhat/python-pillow<0:5.1.1-11.el8_1
Python Pillow<=7.0.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 8 more
In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c. Pull Request: https://github.com/python-pillow/Pillow/pull/4538 ...
pip/Pillow<7.1.0
Python Pillow<7.1.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Canonical Ubuntu Linux=20.04
redhat/python-pillow<7.1.0
and 3 more
A flaw was found in python-pillow. Multiple out-of-bounds reads occur in libImaging/FliDecode.c.
pip/Pillow<7.1.0
Python Pillow<7.1.0
Debian Debian Linux=9.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Canonical Ubuntu Linux=16.04
and 9 more
An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw all...
pip/Pillow<7.1.0
Python Pillow<7.1.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 5 more
`libImaging/FliDecode.c` in Pillow before 6.2.2 has an FLI buffer overflow.
pip/Pillow<6.2.2
redhat/python-pillow<0:2.0.0-21.gitd1c6db8.el7
redhat/python-pillow<0:5.1.1-12.el8_2
Python Pillow<6.2.2
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
and 13 more
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit P...
Python Pillow<6.2.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
and 9 more
`libImaging/SgiRleDecode.c` in Pillow before 6.2.2 has an SGI buffer overflow.
pip/pillow<=6.2.1
redhat/python-pillow<0:5.1.1-10.el8_1
redhat/python-pillow<0:5.1.1-10.el8_0
Python Pillow<6.2.2
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
and 9 more
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
redhat/python-imaging<0:1.1.6-20.el6_10
redhat/python-pillow<0:2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow<0:5.1.1-10.el8_1
redhat/python-pillow<0:5.1.1-10.el8_0
Python Pillow<6.2.2
Canonical Ubuntu Linux=14.04
and 14 more
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
Python Pillow<6.2.2
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
Fedoraproject Fedora=30
and 5 more
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of tim...
redhat/python-pillow<0:2.0.0-20.gitd1c6db8.el7_7
redhat/python-pillow<0:5.1.1-10.el8_1
redhat/python-pillow<0:5.1.1-10.el8_0
Python Pillow<6.2.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 8 more
