Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pillow
(Python)| Repositories |
• https://github.com/python-pillow/Pillow
• https://github.com/python-imaging/Pillow |
| #Vulnerabilities | 52 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-11-04 | CVE-2016-9189 | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | Debian_linux, Pillow | 5.5 | ||
| 2016-04-13 | CVE-2016-4009 | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. | Pillow | 9.8 | ||
| 2017-04-24 | CVE-2016-3076 | Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | Pillow | 5.5 | ||
| 2016-04-13 | CVE-2016-2533 | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | Debian_linux, Pillow, Python_imaging | 6.5 | ||
| 2016-04-13 | CVE-2016-0775 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | Debian_linux, Pillow | 6.5 | ||
| 2016-04-13 | CVE-2016-0740 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | Debian_linux, Pillow | 6.5 | ||
| 2015-01-16 | CVE-2014-9601 | Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. | Fedora, Opensuse, Solaris, Pillow | N/A | ||
| 2015-05-01 | CVE-2014-3598 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. | Opensuse, Pillow | N/A | ||
| 2014-08-25 | CVE-2014-3589 | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. | Python\-Imaging, Opensuse, Pillow | N/A | ||
| 2014-04-27 | CVE-2014-3007 | Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. | Pillow, Python_imaging_library | N/A |