Pillow (Python) vulnerabilities

Entries are listed newest first. Each entry gives the publication date, CVE identifier and title; the description; and the attack vector, attack complexity, tags (ecosystem, distribution, CWE) and CVSS base score, with the severity label where the source records one.
2024-01-19  CVE-2023-50447  Code Injection vulnerability in multiple products
    Pillow through 10.1.0 allows arbitrary code execution in PIL.ImageMath.eval via the environment parameter. This is a different vulnerability from CVE-2022-22817, which concerned the expression parameter.
    Attack vector: network; attack complexity: high; tags: python, debian, CWE-94; CVSS: 8.1
2023-11-03  CVE-2023-44271  Allocation of Resources Without Limits or Throttling vulnerability in multiple products
    An issue was discovered in Pillow before 10.0.0: a denial of service in which memory is allocated without bound for a given task, potentially crashing the service by exhausting memory. It occurs in ImageFont's truetype handling when ImageDraw.textlength is called on a very long text argument.
    Attack vector: network; attack complexity: low; tags: python, fedoraproject, CWE-770; CVSS: 7.5
2022-11-14  CVE-2022-45198  Data Amplification vulnerability in Python Pillow
    Pillow before 9.2.0 performs improper handling of highly compressed GIF data (data amplification).
    Attack vector: network; attack complexity: low; tags: python; CVSS: 7.5
2022-11-14  CVE-2022-45199  Resource Exhaustion vulnerability in Python Pillow
    Pillow before 9.3.0 allows denial of service via the TIFF SAMPLESPERPIXEL tag.
    Attack vector: network; attack complexity: low; tags: python, CWE-400; CVSS: 7.5
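The SAMPLESPERPIXEL entry above is a decoder trusting a header field that sizes an allocation. As an added example (not Pillow's code, and not the bound Pillow 9.3.0 introduced), here is a pre-decode gate a service can run on uploaded TIFF bytes before any image library touches them: it parses only the header and the first IFD, and rejects files whose SAMPLESPERPIXEL or pixel count exceeds a policy limit. MAX_SAMPLES_PER_PIXEL and MAX_PIXELS are assumed policy values chosen for this example, and build_tiff constructs header-only sample files so the block runs offline.

```python
import struct

# TIFF tag numbers (TIFF 6.0 specification)
TAG_IMAGE_WIDTH = 256
TAG_IMAGE_LENGTH = 257
TAG_SAMPLES_PER_PIXEL = 277

# Assumed policy limits for this example, not values taken from Pillow.
MAX_SAMPLES_PER_PIXEL = 4        # RGBA is the most a normal raster needs
MAX_PIXELS = 50_000_000          # comparable in spirit to a decompression-bomb limit


def read_first_ifd(data):
    """Parse the TIFF header and first IFD, returning {tag: value} for
    single-valued SHORT/LONG entries. Raises ValueError on malformed input.
    Nothing beyond the IFD is read, so the cost is bounded by the entry count."""
    if len(data) < 8:
        raise ValueError("too short for a TIFF header")
    byte_order = data[:2]
    if byte_order == b"II":
        end = "<"
    elif byte_order == b"MM":
        end = ">"
    else:
        raise ValueError("not a TIFF byte-order mark")
    magic, ifd_off = struct.unpack(end + "HI", data[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic number")
    if ifd_off + 2 > len(data):
        raise ValueError("first IFD offset is outside the file")
    (count,) = struct.unpack(end + "H", data[ifd_off:ifd_off + 2])
    if ifd_off + 2 + 12 * count > len(data):
        raise ValueError("IFD entry table is truncated")
    tags = {}
    for i in range(count):
        off = ifd_off + 2 + 12 * i
        tag, ftype, fcount = struct.unpack(end + "HHI", data[off:off + 8])
        if fcount != 1 or ftype not in (3, 4):
            continue  # only scalar SHORT (3) / LONG (4) tags matter here
        if ftype == 3:
            # values shorter than 4 bytes are left-justified in the value field
            (value,) = struct.unpack(end + "H", data[off + 8:off + 10])
        else:
            (value,) = struct.unpack(end + "I", data[off + 8:off + 12])
        tags[tag] = value
    return tags


def check_tiff_limits(data, max_spp=MAX_SAMPLES_PER_PIXEL, max_pixels=MAX_PIXELS):
    """Return (accepted, reason). Run this before any image decoder sees the bytes."""
    try:
        tags = read_first_ifd(data)
    except ValueError as exc:
        return False, f"malformed TIFF: {exc}"
    spp = tags.get(TAG_SAMPLES_PER_PIXEL, 1)  # spec default when the tag is absent
    if spp > max_spp:
        return False, f"SAMPLESPERPIXEL={spp} exceeds limit {max_spp}"
    width = tags.get(TAG_IMAGE_WIDTH)
    height = tags.get(TAG_IMAGE_LENGTH)
    if width is None or height is None:
        return False, "missing ImageWidth/ImageLength"
    if width * height > max_pixels:
        return False, f"{width}x{height} exceeds pixel limit {max_pixels}"
    return True, "ok"


def build_tiff(width, height, spp, byte_order="II"):
    """Construct a header-only TIFF (no strips, no pixel data) for testing the gate."""
    end = "<" if byte_order == "II" else ">"
    entries = [  # must be sorted by tag number
        (TAG_IMAGE_WIDTH, 4, width),
        (TAG_IMAGE_LENGTH, 4, height),
        (TAG_SAMPLES_PER_PIXEL, 3, spp),
    ]
    ifd = struct.pack(end + "H", len(entries))
    for tag, ftype, value in entries:
        if ftype == 3:
            ifd += struct.pack(end + "HHI", tag, ftype, 1) + struct.pack(end + "H", value) + b"\x00\x00"
        else:
            ifd += struct.pack(end + "HHII", tag, ftype, 1, value)
    ifd += struct.pack(end + "I", 0)  # no further IFDs
    return byte_order.encode() + struct.pack(end + "HI", 42, 8) + ifd


if __name__ == "__main__":
    print(check_tiff_limits(build_tiff(64, 64, 3)))            # accepted
    print(check_tiff_limits(build_tiff(64, 64, 65535)))        # rejected: SAMPLESPERPIXEL
    print(check_tiff_limits(build_tiff(100_000, 100_000, 1)))  # rejected: pixel count
```

The gate deliberately reads nothing past the first IFD, so a malicious file cannot make the check itself expensive; it is a cheap front door, and upgrading past 9.3.0 is still what removes the vulnerable allocation.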
2022-05-25  CVE-2022-30595  Out-of-bounds Write vulnerability in Python Pillow 9.1.0
    libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
    Attack vector: network; attack complexity: low; tags: python, CWE-787; CVSS: 9.8 (critical)
2022-03-28  CVE-2022-24303
    Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
    Attack vector: network; attack complexity: low; tags: python, fedoraproject; CVSS: 9.1 (critical)
2022-01-10  CVE-2022-22815  Improper Initialization vulnerability in multiple products
    path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
    Attack vector: network; attack complexity: low; tags: python, debian, CWE-665; CVSS: 6.5
2022-01-10  CVE-2022-22816  Out-of-bounds Read vulnerability in multiple products
    path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
    Attack vector: network; attack complexity: low; tags: python, debian, CWE-125; CVSS: 6.5
2022-01-10  CVE-2022-22817
    PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that call the Python exec function.
    Attack vector: network; attack complexity: low; tags: python, debian; CVSS: 9.8 (critical)
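Both ImageMath entries (CVE-2022-22817 via the expression parameter, CVE-2023-50447 via the environment parameter) come from handing attacker-influenced input to a function built on Python's eval. The following is an added example and not Pillow's code: an input gate that allowlists the expression syntax with the ast module and refuses environment names that contain "__" or shadow a builtin, the rule Pillow 10.2.0 applies to environment keys. ALLOWED_FUNCS is taken from the documented ImageMath helper functions; the 1024-character cap and all function names below are this example's own choices. The validated pair is what a caller would then pass to PIL.ImageMath.eval; the block does not import Pillow, so it runs stand-alone.

```python
import ast
import builtins

# Helper functions the ImageMath expression language exposes (per Pillow's ImageMath docs).
ALLOWED_FUNCS = frozenset({"abs", "convert", "float", "int", "max", "min"})

# Syntax a pixel-arithmetic expression legitimately needs: arithmetic, bit ops, comparisons,
# names, literals and calls to the helpers above. Attribute access, subscripts, lambdas and
# comprehensions are absent, so "().__class__...", "__import__(...)" and "exec(...)" are all
# rejected before anything is evaluated.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Compare, ast.Call,
    ast.Name, ast.Constant, ast.Load,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.Pow,
    ast.LShift, ast.RShift, ast.BitAnd, ast.BitOr, ast.BitXor,
    ast.Invert, ast.USub, ast.UAdd,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
)


def expression_problem(expression, operand_names):
    """Return None if `expression` is acceptable, else a short reason.

    operand_names: the image/scalar names the caller intends to bind, e.g. {"A", "B"}.
    """
    if not isinstance(expression, str) or len(expression) > 1024:  # cap is an assumed policy
        return "expression must be a short string"
    try:
        tree = ast.parse(expression, mode="eval")
    except (SyntaxError, ValueError) as exc:
        return f"not a valid expression: {exc}"
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            return f"disallowed syntax: {type(node).__name__}"
        if isinstance(node, ast.Call):
            if not isinstance(node.func, ast.Name) or node.func.id not in ALLOWED_FUNCS:
                return "only the ImageMath helper functions may be called"
            if node.keywords:
                return "keyword arguments are not allowed"
        elif isinstance(node, ast.Name):
            if node.id not in ALLOWED_FUNCS and node.id not in operand_names:
                return f"unknown name: {node.id}"
        elif isinstance(node, ast.Constant):
            # str is needed for mode arguments such as convert(A, "L")
            if not isinstance(node.value, (int, float, str)):
                return f"unsupported literal: {node.value!r}"
    return None


def environment_problem(environment):
    """Return None if every environment key is a plain operand name, else a reason.

    Names containing "__" or shadowing a builtin are refused (the restriction Pillow
    10.2.0 adopted for CVE-2023-50447), so an attacker who controls the environment
    cannot redefine e.g. `int` or smuggle in `__builtins__`.
    """
    for name in environment:
        if not isinstance(name, str) or not name.isidentifier():
            return f"environment key {name!r} is not an identifier"
        if "__" in name or hasattr(builtins, name):
            return f"environment name {name!r} is not allowed"
        if name in ALLOWED_FUNCS:  # covers "convert", which is not a builtin
            return f"environment name {name!r} would shadow an ImageMath helper"
    return None


def guarded_eval_args(expression, environment):
    """Validate both inputs and return (expression, environment) ready to hand to
    PIL.ImageMath.eval. Raises ValueError with the first problem found."""
    problem = environment_problem(environment) or expression_problem(expression, set(environment))
    if problem:
        raise ValueError(problem)
    return expression, dict(environment)


if __name__ == "__main__":
    for expr in ("convert((A + B) / 2, 'L')", "exec('import os')", "A.__class__"):
        print(f"{expr!r}: {expression_problem(expr, {'A', 'B'}) or 'ok'}")
```

A gate like this is defence in depth, not a substitute for upgrading: on a vulnerable Pillow the string still reaches eval, and the allowlist only narrows what gets there. Pinning Pillow at 10.2.0 or later closes both CVEs.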
2021-09-03  CVE-2021-23437  Regular Expression Denial of Service (ReDoS) vulnerability in multiple products
    Pillow from 5.2.0 and before 8.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
    Attack vector: network; attack complexity: low; tags: python, fedoraproject, CWE-125 (as tagged by the source; the description is a ReDoS, i.e. catastrophic regex backtracking, not an out-of-bounds read); CVSS: 7.5