Known Vulnerabilities for Pillow by Python
Listed below are 10 of the newest known vulnerabilities associated with "Pillow" by "Python".
These CVEs are retrieved by exact matches on the listed software, hardware and vendor information (CPE data), supplemented by a keyword search so that the newest vulnerabilities that have no officially listed software information yet are still displayed.
Data on known vulnerable versions is also displayed, based on the CPEs known for this product. Because that configuration data is only as complete as the CPE entries assigned so far, the version range given in a CVE's own description (for example "before 9.0.1") is the authoritative statement of which releases are affected.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24303 | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | 9.1 - CRITICAL | 2022-03-28 | 2023-11-07 |
| CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec m... | 9.8 - CRITICAL | 2022-01-10 | 2023-12-10 |
| CVE-2022-22816 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | 6.5 - MEDIUM | 2022-01-10 | 2023-01-31 |
| CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 6.5 - MEDIUM | 2022-01-10 | 2023-01-31 |
| CVE-2021-25291 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via inval... | 7.5 - HIGH | 2021-03-19 | 2021-12-01 |
| CVE-2021-25290 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | 7.5 - HIGH | 2021-03-19 | 2021-12-03 |
| CVE-2021-25289 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files... | 9.8 - CRITICAL | 2021-03-19 | 2021-12-01 |
| CVE-2021-25288 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. | 9.1 - CRITICAL | 2021-06-02 | 2023-11-07 |
| CVE-2021-25287 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. | 9.1 - CRITICAL | 2021-06-02 | 2023-11-07 |
| CVE-2021-23437 | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb funct... | 7.5 - HIGH | 2021-09-03 | 2023-11-07 |
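As an added example (not part of this listing and not Pillow project code), the check a practitioner would want after reading the table above: a small Python script that encodes the fix thresholds stated in each description, parses a CPE 2.3 string of the form used in the configuration table below, and reports which of these ten CVEs a given Pillow version is still exposed to. The `PILLOW_ADVISORIES` mapping, `parse_cpe23`, `affected_cves` and the other names are the example's own, and the version comparison is a simplified reading of PEP 440 (first three numeric components, with an a/b/rc tag sorting before the matching release), which is an assumption rather than anything the listing specifies.

```python
"""Check a Pillow version (or CPE 2.3 string) against the fix thresholds
listed in the table above. Added example; the advisory map and version
rules below are this example's own assumptions, not data from the listing."""
import re
from importlib import metadata

# (first affected version or None, first fixed version), transcribed from the
# "before X" / "X and before Y" wording of each CVE description above.
PILLOW_ADVISORIES = {
    "CVE-2022-24303": (None, "9.0.1"),
    "CVE-2022-22817": (None, "9.0.0"),
    "CVE-2022-22816": (None, "9.0.0"),
    "CVE-2022-22815": (None, "9.0.0"),
    "CVE-2021-25291": (None, "8.1.1"),
    "CVE-2021-25290": (None, "8.1.1"),
    "CVE-2021-25289": (None, "8.1.1"),
    "CVE-2021-25288": (None, "8.2.0"),
    "CVE-2021-25287": (None, "8.2.0"),
    "CVE-2021-23437": ("5.2.0", "8.3.2"),
}

# Simplified PEP 440: major.minor[.patch][a|b|rc][N]; anything else is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(a|b|rc)?(\d*)")


def parse_version(text):
    """Return a sortable tuple (major, minor, patch, is_final, pre_number).

    A pre-release such as 9.0.0rc1 sorts before the 9.0.0 release, so a
    release candidate is still reported as affected by a "before 9.0.0" entry.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch, tag, pre = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if tag else 1, int(pre or 0))


def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into (part, vendor, product, version).

    Splits only on unescaped colons, since CPE 2.3 escapes literal ':' as '\\:'.
    """
    if not cpe.startswith("cpe:2.3:"):
        raise ValueError("not a CPE 2.3 formatted string")
    fields = re.split(r"(?<!\\):", cpe)
    # fields: cpe, 2.3, part, vendor, product, version, update, edition, ...
    if len(fields) != 13:
        raise ValueError("a CPE 2.3 string has 13 colon-separated fields")

    def unescape(field):
        return field.replace("\\:", ":")

    return tuple(unescape(f) for f in fields[2:6])


def affected_cves(version_text):
    """CVE ids from PILLOW_ADVISORIES whose range contains the given version."""
    version = parse_version(version_text)
    hits = []
    for cve, (introduced, fixed) in PILLOW_ADVISORIES.items():
        above_floor = introduced is None or version >= parse_version(introduced)
        if above_floor and version < parse_version(fixed):
            hits.append(cve)
    return hits


def affected_cves_for_cpe(cpe):
    """Same check driven by a CPE 2.3 string such as the ones in the table below.

    Only application CPEs for vendor 'python', product 'pillow' are considered;
    a wildcard ('*') or missing ('-') version cannot be range-checked.
    """
    part, vendor, product, version = parse_cpe23(cpe)
    if (part, vendor.lower(), product.lower()) != ("a", "python", "pillow"):
        return []
    if version in ("*", "-"):
        raise ValueError("CPE string carries no concrete version to check")
    return affected_cves(version)


def installed_pillow_version():
    """Version of the Pillow distribution in this environment, or None."""
    try:
        return metadata.version("Pillow")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    installed = installed_pillow_version()
    if installed is None:
        print("Pillow is not installed in this environment")
    else:
        print(f"Pillow {installed}: affected by {affected_cves(installed) or 'none of the listed CVEs'}")
    # Constructed sample input in the CPE 2.3 form used by the configuration table.
    sample = "cpe:2.3:a:python:pillow:8.1.0:*:*:*:*:*:*:*"
    print(f"{sample}: {affected_cves_for_cpe(sample)}")
```

Run it inside the virtual environment you are auditing; the installed-version lookup uses `importlib.metadata`, so it reports the Pillow that environment would actually import rather than whatever `pip` on the PATH happens to see. The CVE table above is only the ten newest entries, so an empty result means "none of these ten", not "no known Pillow vulnerabilities".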
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Python | Pillow | 8.1.0 | All | All | All |
| Application | Python | Pillow | 8.0.1 | All | All | All |
| Application | Python | Pillow | 8.0.0 | All | All | All |
| Application | Python | Pillow | 7.2.0 | All | All | All |
| Application | Python | Pillow | 7.1.2 | All | All | All |
| Application | Python | Pillow | 7.1.1 | All | All | All |
| Application | Python | Pillow | 7.1.0 | All | All | All |
| Application | Python | Pillow | 7.0.0 | All | All | All |
| Application | Python | Pillow | 6.2.3 | All | All | All |
| Application | Python | Pillow | 6.2.2 | All | All | All |
| Application | Python | Pillow | 6.2.0 | All | All | All |
| Application | Python | Pillow | 6.0.0 | All | All | All |
| Application | Python | Pillow | 5.4.1 | All | All | All |
| Application | Python | Pillow | 5.4.0 | All | All | All |
| Application | Python | Pillow | 5.3.0 | All | All | All |
| Application | Python | Pillow | 5.2.0 | All | All | All |
| Application | Python | Pillow | 5.1.0 | All | All | All |
| Application | Python | Pillow | 5.0.0 | All | All | All |
| Application | Python | Pillow | 4.3.0 | All | All | All |
| Application | Python | Pillow | 4.2.1 | All | All | All |