Search CVE reports

Toggle filters

11 – 20 of 65 results

CVE-2022-45199

Low priority
Not affected

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Not affected
pillow-python2 Not in release Not affected Not in release
Show less packages

CVE-2022-45198

Low priority
Fixed

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Fixed Fixed Not affected
pillow-python2 Not in release Fixed Not in release
Show less packages

CVE-2022-30595

Medium priority
Not affected

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Not affected
pillow-python2 Not in release Not affected Not in release
Show less packages

CVE-2022-24303

Low priority

Some fixes available 2 of 3

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Fixed Not affected
pillow-python2 Not in release Not in release Fixed Not in release
Show less packages

CVE-2022-22817

Medium priority
Fixed

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Not affected Fixed Fixed
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2022-22816

Low priority
Fixed

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Fixed Fixed Fixed Fixed
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2022-22815

Medium priority
Fixed

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Fixed Fixed Fixed Fixed
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-23437

Low priority
Fixed

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Fixed Fixed Fixed Fixed
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-34552

Low priority

Some fixes available 5 of 7

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Not affected Not affected Fixed Fixed
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-28678

Low priority

Some fixes available 14 of 15

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number...

3 affected packages

pillow, pillow-python2, python-imaging

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Fixed Fixed Fixed Fixed
pillow-python2 Not in release Not in release Not in release Ignored Not in release
python-imaging Not in release Not in release Not in release Not in release Not in release
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON