Safety vulnerability ID: 72602
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of Pillow-simd are vulnerable due to improper handling in the `PIL.ImageMath.eval` function, which allows the evaluation of arbitrary expressions, including those that utilize the Python `exec` method. An attacker could exploit this by executing arbitrary code by using a lambda expression or other malicious input.
Latest version: 9.5.0.post2
Python Imaging Library (Fork)
------------------
- Restrict builtins for ImageMath.eval(). CVE TBD 5923
[radarhere]
- Ensure JpegImagePlugin stops at the end of a truncated file 5921
[radarhere]
- Fixed ImagePath.Path array handling. CVEs TBD 5920
[radarhere]
- Remove consecutive duplicate tiles that only differ by their offset 5919
[radarhere]
- Improved I;16 operations on big endian 5901
[radarhere]
- Limit quantized palette to number of colors 5879
[radarhere]
- Fixed palette index for zeroed color in FASTOCTREE quantize 5869
[radarhere]
- When saving RGBA to GIF, make use of first transparent palette entry 5859
[radarhere]
- Pass SAMPLEFORMAT to libtiff 5848
[radarhere]
- Added rounding when converting P and PA 5824
[radarhere]
- Improved putdata() documentation and data handling 5910
[radarhere]
- Exclude carriage return in PDF regex to help prevent ReDoS 5912
[hugovk]
- Fixed freeing pointer in ImageDraw.Outline.transform 5909
[radarhere]
- Added ImageShow support for xdg-open 5897
[m-shinder, radarhere]
- Support 16-bit grayscale ImageQt conversion 5856
[cmbruns, radarhere]
- Convert subsequent GIF frames to RGB or RGBA 5857
[radarhere]
- Do not prematurely return in ImageFile when saving to stdout 5665
[infmagic2047, radarhere]
- Added support for top right and bottom right TGA orientations 5829
[radarhere]
- Corrected ICNS file length in header 5845
[radarhere]
- Block tile TIFF tags when saving 5839
[radarhere]
- Added line width argument to polygon 5694
[radarhere]
- Do not redeclare class each time when converting to NumPy 5844
[radarhere]
- Only prevent repeated polygon pixels when drawing with transparency 5835
[radarhere]
- Add support for pickling TrueType fonts 5826
[hugovk, radarhere]
- Only prefer command line tools SDK on macOS over default MacOSX SDK 5828
[radarhere]
- Drop support for soon-EOL Python 3.6 5768
[hugovk, nulano, radarhere]
- Fix compilation on 64-bit Termux 5793
[landfillbaby]
- Use title for display in ImageShow 5788
[radarhere]
- Remove support for FreeType 2.7 and older 5777
[hugovk, radarhere]
- Fix for PyQt6 5775
[hugovk, radarhere]
- Removed deprecated PILLOW_VERSION, Image.show command parameter, Image._showxv and ImageFile.raise_ioerror 5776
[radarhere]
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application