Latest version: v11.0.0
CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
---|---|---|---|---|---|
CVE-2014-3589 | 25932 | Pillow versions affected versions include a fix for CVE-2014-3589: PI… | | MEDIUM | 5.0 |
CVE-2022-45199 | 51886 | Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. ht… | | HIGH | 7.5 |
CVE-2022-45198 | 51885 | Pillow before 9.2.0 performs Improper Handling of Highly Compressed G… | | HIGH | 7.5 |
PVE-2023-55182 | 55182 | Pillow 9.3.0 includes a security fix: Pillow will now decode the data… | | - | - |
CVE-2022-30595 | 49150 | libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow … | | CRITICAL | 9.8 |
CVE-2022-22817 | 44487 | Pillow 9.0.1 includes a fix for CVE-2022-22817: PIL.ImageMath.eval in… | | CRITICAL | 9.8 |
CVE-2022-24303 | 45356 | Pillow before 9.0.1 allows attackers to delete files because spaces i… | | CRITICAL | 9.1 |
CVE-2022-22815 | 44485 | Pillow 9.0.0 includes a fix for CVE-2022-22815: path_getbbox in path.… | | MEDIUM | 6.5 |
PVE-2022-44524 | 44524 | Pillow 9.0.0 ensures JpegImagePlugin stops at the end of a truncated … | | HIDDEN | X.Y |
PVE-2021-44525 | 44525 | Pillow 9.0.0 excludes carriage return in PDF regex to help prevent Re… | | HIDDEN | X.Y |
CVE-2022-22816 | 44486 | Pillow 9.0.0 includes a fix for CVE-2022-22816: path_getbbox in path.… | | MEDIUM | 6.5 |
CVE-2021-34552 | 40965 | Pillow 8.3.0 includes a fix for CVE-2021-34552: Pillow through 8.2.0 … | | CRITICAL | 9.8 |
CVE-2021-28677 | 40595 | Pillow version 8.2.0 includes a fix for CVE-2021-28677: For EPS data,… | | HIGH | 7.5 |
CVE-2021-28678 | 40596 | Pillow version 8.2.0 includes a fix for CVE-2021-28678: For BLP data,… | | MEDIUM | 5.5 |
CVE-2021-28676 | 40594 | Pillow version 8.2.0 includes a fix for CVE-2021-28676: For FLI data,… | | HIGH | 7.5 |
CVE-2021-25287 | 40592 | Pillow 8.2.0 includes a fix for CVE-2021-25287: There is an out-of-bo… | | CRITICAL | 9.1 |
CVE-2021-25288 | 40593 | Pillow 8.2.0 includes a fix for CVE-2021-25288: There is an out-of-bo… | | CRITICAL | 9.1 |
CVE-2021-27921 | 40263 | Pillow 8.1.1 includes a fix for CVE-2021-27921: Pillow before 8.1.1 a… | | HIGH | 7.5 |
CVE-2021-25289 | 40274 | Pillow 8.1.1 includes a fix for CVE-2021-25289: TiffDecode has a heap… | | CRITICAL | 9.8 |
CVE-2021-25290 | 40275 | Pillow 8.1.1 includes a fix for CVE-2021-25290: In TiffDecode.c, ther… | | HIGH | 7.5 |
CVE-2021-25292 | 40266 | Pillow 8.1.1 includes a fix for CVE-2021-25292: The PDF parser allows… | | MEDIUM | 6.5 |
CVE-2021-27922 | 40267 | Pillow 8.1.1 includes a fix for CVE-2021-27922: Pillow before 8.1.1 a… | | HIGH | 7.5 |
CVE-2021-25291 | 40272 | Pillow 8.1.1 includes a fix for CVE-2021-25291: In TiffDecode.c, ther… | | HIGH | 7.5 |
CVE-2021-25293 | 40273 | Pillow 8.1.1 includes a fix for CVE-2021-25293: There is an out-of-bo… | | HIGH | 7.5 |
CVE-2020-35653 | 40270 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decodin… | | HIGH | 7.1 |
CVE-2020-35654 | 40265 | Pillow 8.1.0 fixes TIFF OOB Write error. CVE-2020-35654 #5175. | | HIGH | 8.8 |
CVE-2020-35655 | 40271 | Pillow 8.1.0 includes a fix for SGI Decode buffer overrun. CVE-2020-3… | | MEDIUM | 5.4 |
CVE-2020-15999 | 40264 | Pillow 8.0.1 updates 'FreeType' used in binary wheels to v2.10.4 to i… | | MEDIUM | 6.5 |
CVE-2020-10379 | 38450 | In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/… | | HIGH | 7.8 |
CVE-2020-10378 | 38449 | In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds re… | | MEDIUM | 5.5 |
CVE-2020-10177 | 38448 | Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fl… | | MEDIUM | 5.5 |
CVE-2020-10994 | 38451 | In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multip… | | MEDIUM | 5.5 |
CVE-2020-11538 | 38452 | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out… | | HIGH | 8.1 |
CVE-2020-5313 | 37782 | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overf… | | HIGH | 7.1 |
CVE-2020-5310 | 37779 | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding in… | | HIGH | 8.8 |
CVE-2019-19911 | 37772 | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImag… | | HIGH | 7.5 |
CVE-2020-5312 | 37781 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer… | | CRITICAL | 9.8 |
CVE-2020-5311 | 37780 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ov… | | CRITICAL | 9.8 |
CVE-2019-16865 | 44744 | Pillow 6.2.0 includes a fix for CVE-2019-16865: An issue was discover… | | HIGH | 7.5 |
CVE-2021-23437 | 41271 | Pillow from 5.2.0 and before 8.3.2 is vulnerable to Regular Expressio… | | HIGH | 7.5 |
CVE-2021-27923 | 40268 | Pillow before 8.1.1 allows attackers to cause a denial of service (me… | | HIGH | 7.5 |
CVE-2016-9189 | 33139 | Pillow before 3.3.2 allows context-dependent attackers to obtain sens… | | MEDIUM | 5.5 |
CVE-2016-9190 | 33138 | Pillow before 3.3.2 allows context-dependent attackers to execute arb… | | HIGH | 7.8 |
CVE-2016-3076 | 25943 | pillow before 3.1.2 is vulnerable to an integer overflow in Jpeg2KEnc… | | MEDIUM | 5.5 |
CVE-2016-2533 | 33136 | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pi… | | MEDIUM | 6.5 |
CVE-2016-0740 | 33134 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/Ti… | | MEDIUM | 6.5 |
CVE-2016-0775 | 33135 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDec… | | MEDIUM | 6.5 |
CVE-2016-4009 | 33137 | Integer overflow in the ImagingResampleHorizontal function in libImag… | | CRITICAL | 9.8 |
CVE-2014-9601 | 25936 | Pillow before 2.6.2 is vulnerable to a PNG decompression DoS (CVE-201… | | MEDIUM | 5.0 |
CVE-2014-3598 | 25934 | pillow before 2.5.3 is vulnerable to a DoS in the Jpeg2KImagePlugin. | | MEDIUM | 5.0 |
CVE-2023-4863 | 61489 | Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include … | | HIGH | 8.8 |
CVE-2014-3007 | 38907 | Pillow 2.5.0 includes a fix that prevents shell injection. https://gi… | | HIGH | 10.0 |
CVE-2014-1933 | 39580 | pillow before 2.3.1 makes insecure use of tempfile.mktemp (CVE-2014-1… | | LOW | 2.1 |
CVE-2014-1932 | 25931 | pillow before 2.3.1 makes insecure use of tempfile.mktemp (CVE-2014-1… | | MEDIUM | 4.4 |
CVE-2024-28219 | 67136 | Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 … | | - | - |
PVE-2024-64437 | 64437 | Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont… | | - | - |
CVE-2023-50447 | 64436 | Pillow is affected by an arbitrary code execution vulnerability. If a… | | HIGH | 8.1 |
CVE-2023-44271 | 62156 | Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service th… | | HIGH | 7.5 |
CVE-2021-28675 | 54688 | An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdIma… | | MEDIUM | 5.5 |