Pillow

Latest version: v10.2.0

Vulnerabilities (58)

CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score
CVE-2014-3589 25932

Pillow versions 2.3.2 and 2.5.2 include a fix for CVE-2014-3589: PIL/…

  • <2.3.2
  • >=2.5.0,<2.5.2
MEDIUM 5.0
CVE-2022-45199 51886

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. ht…

  • >=9.2.0,<9.3.0
HIGH 7.5
CVE-2022-45198 51885

Pillow before 9.2.0 performs Improper Handling of Highly Compressed G…

  • <9.2.0
HIGH 7.5
PVE-2023-55182 55182

Pillow 9.3.0 includes a security fix: Pillow will now decode the data…

  • >=9.1.0,<9.3.0
- -
CVE-2022-30595 49150

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow …

  • >=9.1.0,<9.1.1
CRITICAL 9.8
CVE-2022-22817 44487

Pillow 9.0.1 includes a fix for CVE-2022-22817: PIL.ImageMath.eval in…

  • <9.0.1
CRITICAL 9.8
CVE-2022-24303 45356

Pillow before 9.0.1 allows attackers to delete files because spaces i…

  • <9.0.1
CRITICAL 9.1
CVE-2022-22816 44486

Pillow 9.0.0 includes a fix for CVE-2022-22816: path_getbbox in path.…

  • <9.0.0
MEDIUM 6.5
CVE-2022-22815 44485

Pillow 9.0.0 includes a fix for CVE-2022-22815: path_getbbox in path.…

  • <9.0.0
MEDIUM 6.5
PVE-2022-44524 44524

Pillow 9.0.0 ensures JpegImagePlugin stops at the end of a truncated …

  • <9.0.0
HIDDEN X.Y
PVE-2021-44525 44525

Pillow 9.0.0 excludes carriage return in PDF regex to help prevent Re…

  • <9.0.0
HIDDEN X.Y
CVE-2021-34552 40965

Pillow 8.3.0 includes a fix for CVE-2021-34552: Pillow through 8.2.0 …

  • <8.3.0
CRITICAL 9.8
CVE-2021-28678 40596

Pillow version 8.2.0 includes a fix for CVE-2021-28678: For BLP data,…

  • <8.2.0
MEDIUM 5.5
CVE-2021-28676 40594

Pillow version 8.2.0 includes a fix for CVE-2021-28676: For FLI data,…

  • <8.2.0
HIGH 7.5
CVE-2021-25287 40592

Pillow 8.2.0 includes a fix for CVE-2021-25287: There is an out-of-bo…

  • <8.2.0
CRITICAL 9.1
CVE-2021-25288 40593

Pillow 8.2.0 includes a fix for CVE-2021-25288: There is an out-of-bo…

  • <8.2.0
CRITICAL 9.1
CVE-2021-28677 40595

Pillow version 8.2.0 includes a fix for CVE-2021-28677: For EPS data,…

  • <8.2.0
HIGH 7.5
CVE-2021-27921 40263

Pillow 8.1.1 includes a fix for CVE-2021-27921: Pillow before 8.1.1 a…

  • <8.1.1
HIGH 7.5
CVE-2021-25289 40274

Pillow 8.1.1 includes a fix for CVE-2021-25289: TiffDecode has a heap…

  • <8.1.1
CRITICAL 9.8
CVE-2021-25292 40266

Pillow 8.1.1 includes a fix for CVE-2021-25292: The PDF parser allows…

  • <8.1.1
MEDIUM 6.5
CVE-2021-25293 40273

Pillow 8.1.1 includes a fix for CVE-2021-25293: There is an out-of-bo…

  • <8.1.1
HIGH 7.5
CVE-2021-25291 40272

Pillow 8.1.1 includes a fix for CVE-2021-25291: In TiffDecode.c, ther…

  • <8.1.1
HIGH 7.5
CVE-2021-25290 40275

Pillow 8.1.1 includes a fix for CVE-2021-25290: In TiffDecode.c, ther…

  • <8.1.1
HIGH 7.5
CVE-2021-27922 40267

Pillow 8.1.1 includes a fix for CVE-2021-27922: Pillow before 8.1.1 a…

  • <8.1.1
HIGH 7.5
CVE-2020-35653 40270

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decodin…

  • <8.1.0
HIGH 7.1
CVE-2020-35654 40265

Pillow 8.1.0 fixes TIFF OOB Write error. CVE-2020-35654 #5175.

  • <8.1.0
HIGH 8.8
CVE-2020-35655 40271

Pillow 8.1.0 includes a fix for SGI Decode buffer overrun. CVE-2020-3…

  • <8.1.0
MEDIUM 5.4
CVE-2020-15999 40264

Pillow 8.0.1 updates 'FreeType' used in binary wheels to v2.10.4 to i…

  • <8.0.1
MEDIUM 6.5
CVE-2020-10994 38451

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multip…

  • <7.1.0
MEDIUM 5.5
CVE-2020-10177 38448

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fl…

  • <7.1.0
MEDIUM 5.5
CVE-2020-10378 38449

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds re…

  • <7.1.0
MEDIUM 5.5
CVE-2020-10379 38450

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/…

  • <7.1.0
HIGH 7.8
CVE-2020-11538 38452

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out…

  • <=7.0.0
HIGH 8.1
CVE-2020-5310 37779

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding in…

  • <6.2.2
HIGH 8.8
CVE-2019-19911 37772

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImag…

  • <6.2.2
HIGH 7.5
CVE-2020-5311 37780

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ov…

  • <6.2.2
CRITICAL 9.8
CVE-2020-5312 37781

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer…

  • <6.2.2
CRITICAL 9.8
CVE-2020-5313 37782

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overf…

  • <6.2.2
HIGH 7.1
CVE-2019-16865 44744

Pillow 6.2.0 includes a fix for CVE-2019-16865: An issue was discover…

  • <6.2.0
HIGH 7.5
CVE-2021-23437 41271

Pillow from 5.2.0 and before 8.3.2 is vulnerable to Regular Expressio…

  • >=5.2.0,<8.3.2
HIGH 7.5
CVE-2021-27923 40268

Pillow before 8.1.1 allows attackers to cause a denial of service (me…

  • >=4.3.0,<8.1.1
HIGH 7.5
CVE-2016-9189 33139

Pillow before 3.3.2 allows context-dependent attackers to obtain sens…

  • <3.3.2
MEDIUM 5.5
CVE-2016-9190 33138

Pillow before 3.3.2 allows context-dependent attackers to execute arb…

  • <3.3.2
HIGH 7.8
CVE-2016-3076 25943

pillow before 3.1.2 is vulnerable to an integer overflow in Jpeg2KEnc…

  • <3.1.2
MEDIUM 5.5
CVE-2016-4009 33137

Integer overflow in the ImagingResampleHorizontal function in libImag…

  • <3.1.1
CRITICAL 9.8
CVE-2016-0740 33134

Buffer overflow in the ImagingLibTiffDecode function in libImaging/Ti…

  • <3.1.1
MEDIUM 6.5
CVE-2016-0775 33135

Buffer overflow in the ImagingFliDecode function in libImaging/FliDec…

  • <3.1.1
MEDIUM 6.5
CVE-2016-2533 33136

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pi…

  • <3.1.1
MEDIUM 6.5
CVE-2014-9601 25936

Pillow before 2.6.2 is vulnerable to a PNG decompression DoS (CVE-201…

  • <2.6.2
MEDIUM 5.0
CVE-2014-3598 25934

pillow before 2.5.3 is vulnerable to a DoS in the Jpeg2KImagePlugin.

  • <2.5.3
MEDIUM 5.0
CVE-2023-4863 61489

Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include …

  • >=2.5.0,<10.0.1
HIGH 8.8
CVE-2014-3007 38907

Pillow 2.5.0 includes a fix that prevents shell injection. https://gi…

  • <2.5.0
HIGH 10.0
CVE-2014-1932 25931

pillow before 2.3.1 makes insecure use of tempfile.mktemp (CVE-2014-1…

  • <2.3.1
MEDIUM 4.4
CVE-2014-1933 39580

pillow before 2.3.1 makes insecure use of tempfile.mktemp (CVE-2014-1…

  • <2.3.1
LOW 2.1
CVE-2023-50447 64436

Pillow is affected by an arbitrary code execution vulnerability. If a…

  • <10.2.0
HIGH 8.1
PVE-2024-64437 64437

Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont…

  • <10.2.0
- -
CVE-2023-44271 62156

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service th…

  • <10.0.0
HIGH 7.5
CVE-2021-28675 54688

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdIma…

  • >=0,<8.2.0
MEDIUM 5.5