Filtered by vendor Python Subscriptions
Filtered by product Pillow Subscriptions
Total 52 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-25287 3 Fedoraproject, Python, Redhat 3 Fedora, Pillow, Enterprise Linux 2024-08-03 9.1 Critical
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
CVE-2021-25290 3 Debian, Python, Redhat 4 Debian Linux, Pillow, Enterprise Linux and 1 more 2024-08-03 7.5 High
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2021-25288 3 Fedoraproject, Python, Redhat 3 Fedora, Pillow, Enterprise Linux 2024-08-03 9.1 Critical
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
CVE-2021-25291 2 Python, Redhat 2 Pillow, Quay 2024-08-03 7.5 High
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
CVE-2022-45199 1 Python 1 Pillow 2024-08-03 7.5 High
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
CVE-2022-45198 1 Python 1 Pillow 2024-08-03 7.5 High
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
CVE-2022-30595 1 Python 1 Pillow 2024-08-03 9.8 Critical
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
CVE-2022-24303 2 Fedoraproject, Python 2 Fedora, Pillow 2024-08-03 9.1 Critical
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
CVE-2022-22816 3 Debian, Python, Redhat 5 Debian Linux, Pillow, Enterprise Linux and 2 more 2024-08-03 6.5 Medium
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
CVE-2022-22815 3 Debian, Python, Redhat 3 Debian Linux, Pillow, Enterprise Linux 2024-08-03 6.5 Medium
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
CVE-2023-50447 3 Debian, Python, Redhat 8 Debian Linux, Pillow, Ansible Automation Platform and 5 more 2024-08-02 8.1 High
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
CVE-2023-44271 3 Fedoraproject, Python, Redhat 4 Fedora, Pillow, Ansible Automation Platform and 1 more 2024-08-02 7.5 High
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.