Pillow

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-25	CVE-2020-10379	Classic Buffer Overflow vulnerability in multiple products In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. local low complexity python fedoraproject canonical CWE-120	7.8
2020-06-25	CVE-2020-10378	Out-of-bounds Read vulnerability in multiple products In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. local low complexity python fedoraproject canonical CWE-125	5.5
2020-06-25	CVE-2020-10177	Out-of-bounds Read vulnerability in multiple products Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. local low complexity python debian fedoraproject canonical CWE-125	5.5
2020-01-05	CVE-2019-19911	Integer Overflow or Wraparound vulnerability in multiple products There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. network low complexity python debian fedoraproject canonical CWE-190	7.5
2020-01-03	CVE-2020-5313	Out-of-bounds Read vulnerability in multiple products libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. network low complexity python debian canonical fedoraproject CWE-125	7.1
2020-01-03	CVE-2020-5312	Classic Buffer Overflow vulnerability in multiple products libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. network low complexity python canonical debian fedoraproject CWE-120 critical	9.8
2020-01-03	CVE-2020-5311	Classic Buffer Overflow vulnerability in multiple products libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. network low complexity python debian canonical fedoraproject CWE-120 critical	9.8
2020-01-03	CVE-2020-5310	Integer Overflow or Wraparound vulnerability in multiple products libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. network low complexity python canonical fedoraproject CWE-190	8.8
2019-10-04	CVE-2019-16865	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Pillow before 6.2.0. network low complexity python fedoraproject CWE-770	7.5
2017-04-24	CVE-2016-3076	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Python Pillow Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. local low complexity python CWE-119	5.5