Vulnerabilities > Python > Pillow > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2023-50447 | Code Injection vulnerability in multiple products Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | 8.1 |
| 2023-11-03 | CVE-2023-44271 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Pillow before 10.0.0. | 7.5 |
| 2022-11-14 | CVE-2022-45198 | Unspecified vulnerability in Python Pillow Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). | 7.5 |
| 2022-11-14 | CVE-2022-45199 | Resource Exhaustion vulnerability in Python Pillow Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. | 7.5 |
| 2022-05-25 | CVE-2022-30595 | Out-of-bounds Write vulnerability in Python Pillow 9.1.0 libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. | 7.5 |
| 2021-09-03 | CVE-2021-23437 | Out-of-bounds Read vulnerability in multiple products The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | 7.5 |
| 2021-06-02 | CVE-2021-28676 | Infinite Loop vulnerability in multiple products An issue was discovered in Pillow before 8.2.0. | 7.5 |
| 2021-06-02 | CVE-2021-28677 | An issue was discovered in Pillow before 8.2.0. | 7.5 |
| 2021-03-19 | CVE-2021-25289 | Out-of-bounds Write vulnerability in Python Pillow An issue was discovered in Pillow before 8.1.1. | 7.5 |
| 2021-03-03 | CVE-2021-27923 | Improper Input Validation vulnerability in multiple products Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | 7.5 |