Vulnerabilities > Python > Pillow > 7.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-19 | CVE-2021-25289 | Out-of-bounds Write vulnerability in Python Pillow An issue was discovered in Pillow before 8.1.1. | 7.5 |
| 2021-03-03 | CVE-2021-27923 | Improper Input Validation vulnerability in multiple products Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | 7.5 |
| 2021-03-03 | CVE-2021-27922 | Improper Input Validation vulnerability in multiple products Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | 7.5 |
| 2021-03-03 | CVE-2021-27921 | Improper Input Validation vulnerability in multiple products Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | 7.5 |
| 2021-01-12 | CVE-2020-35655 | Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | 5.4 |
| 2021-01-12 | CVE-2020-35654 | Out-of-bounds Write vulnerability in multiple products In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | 8.8 |
| 2021-01-12 | CVE-2020-35653 | Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | 7.1 |