Vulnerabilities > Python > Pillow > 9.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2023-50447 | Code Injection vulnerability in multiple products. Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). (network, high complexity, python, debian, CWE-94) | 8.1 |
| 2023-11-03 | CVE-2023-44271 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. An issue was discovered in Pillow before 10.0.0. (network, low complexity, python, fedoraproject, CWE-770) | 7.5 |
| 2022-11-14 | CVE-2022-45198 | Unspecified vulnerability in Python Pillow. Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). (network, low complexity, python) | 7.5 |
| 2022-11-14 | CVE-2022-45199 | Resource Exhaustion vulnerability in Python Pillow. Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. (network, low complexity, python, CWE-400) | 7.5 |
| 2022-03-28 | CVE-2022-24303 | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. (network, low complexity, python, fedoraproject) | critical 9.1 |
| 2022-01-10 | CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. (network, low complexity, python, debian) | critical 9.8 |