Vulnerabilities > Python > Pillow > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2022-22815 | Improper Initialization vulnerability in multiple products path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 6.5 |
| 2022-01-10 | CVE-2022-22816 | Out-of-bounds Read vulnerability in multiple products path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | 6.5 |
| 2021-06-02 | CVE-2021-28678 | Insufficient Verification of Data Authenticity vulnerability in multiple products An issue was discovered in Pillow before 8.2.0. | 5.5 |
| 2021-06-02 | CVE-2021-28675 | Unchecked Return Value vulnerability in multiple products An issue was discovered in Pillow before 8.2.0. | 5.5 |
| 2021-03-19 | CVE-2021-25292 | Unspecified vulnerability in Python Pillow An issue was discovered in Pillow before 8.1.1. | 6.5 |
| 2021-01-12 | CVE-2020-35655 | Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | 5.4 |
| 2020-06-25 | CVE-2020-10994 | Out-of-bounds Read vulnerability in multiple products In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. | 5.5 |
| 2020-06-25 | CVE-2020-10378 | Out-of-bounds Read vulnerability in multiple products In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. | 5.5 |
| 2020-06-25 | CVE-2020-10177 | Out-of-bounds Read vulnerability in multiple products Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. | 5.5 |
| 2017-04-24 | CVE-2016-3076 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Python Pillow Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | 5.5 |