Vulnerabilities > Python > Pillow > 9.0.1

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2023-50447 Code Injection vulnerability in multiple products
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
network
high complexity
python debian CWE-94
8.1
8.1
2023-11-03 CVE-2023-44271 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Pillow before 10.0.0.
network
low complexity
python fedoraproject CWE-770
7.5
7.5
2022-11-14 CVE-2022-45198 Unspecified vulnerability in Python Pillow
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
network
low complexity
python
7.5
7.5
2022-11-14 CVE-2022-45199 Resource Exhaustion vulnerability in Python Pillow
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
network
low complexity
python CWE-400
7.5
7.5