Vulnerabilities > Python > Pillow > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-27923 Improper Input Validation vulnerability in multiple products
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
network
low complexity
python fedoraproject CWE-20
7.5
2021-03-03 CVE-2021-27922 Improper Input Validation vulnerability in multiple products
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
network
low complexity
python fedoraproject CWE-20
7.5
2021-03-03 CVE-2021-27921 Improper Input Validation vulnerability in multiple products
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
network
low complexity
python fedoraproject CWE-20
7.5
2021-01-12 CVE-2020-35654 Out-of-bounds Write vulnerability in multiple products
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
network
low complexity
python fedoraproject CWE-787
8.8
2021-01-12 CVE-2020-35653 Out-of-bounds Read vulnerability in multiple products
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
network
low complexity
python fedoraproject debian CWE-125
7.1
2020-06-25 CVE-2020-11538 Out-of-bounds Read vulnerability in multiple products
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
network
high complexity
python fedoraproject canonical CWE-125
8.1
2020-06-25 CVE-2020-10379 Classic Buffer Overflow vulnerability in multiple products
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
local
low complexity
python fedoraproject canonical CWE-120
7.8
2020-01-05 CVE-2019-19911 Integer Overflow or Wraparound vulnerability in multiple products
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large.
network
low complexity
python debian fedoraproject canonical CWE-190
7.5
2020-01-03 CVE-2020-5313 Out-of-bounds Read vulnerability in multiple products
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
network
low complexity
python debian canonical fedoraproject CWE-125
7.1
2020-01-03 CVE-2020-5310 Integer Overflow or Wraparound vulnerability in multiple products
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
network
low complexity
python canonical fedoraproject CWE-190
8.8