| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2024-28219 | vulnerable | vulnerable | fixed | vulnerable | vulnerable | vulnerable | fixed | In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists bec ... |
| CVE-2023-50447 | fixed | fixed | fixed | vulnerable | vulnerable | fixed | fixed | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ... |
| CVE-2023-44271 | fixed | fixed | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Pillow before 10.0.0. It is a Denial of Ser ... |
| CVE-2022-45198 | fixed | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Pillow before 9.2.0 performs Improper Handling of Highly Compressed GI ... |
| CVE-2022-24303 | fixed | fixed | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Pillow before 9.0.1 allows attackers to delete files because spaces in ... |
| CVE-2021-28676 | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ... |
| CVE-2021-28675 | fixed | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ... |
| CVE-2021-27923 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Pillow before 8.1.1 allows attackers to cause a denial of service (mem ... |
| CVE-2021-27922 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Pillow before 8.1.1 allows attackers to cause a denial of service (mem ... |
| CVE-2021-25293 | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | An issue was discovered in Pillow before 8.1.1. There is an out-of-bou ... |
| CVE-2021-23437 | fixed | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ... |
| CVE-2019-16865 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | An issue was discovered in Pillow before 6.2.0. When reading specially ... |
| Bug | Description |
|---|
| CVE-2022-45199 | Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. |
| CVE-2022-30595 | libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow i ... |
| CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ... |
| CVE-2022-22816 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ... |
| CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ... |
| CVE-2021-34552 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ... |
| CVE-2021-28678 | An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ... |
| CVE-2021-28677 | An issue was discovered in Pillow before 8.2.0. For EPS data, the read ... |
| CVE-2021-27921 | Pillow before 8.1.1 allows attackers to cause a denial of service (mem ... |
| CVE-2021-25292 | An issue was discovered in Pillow before 8.1.1. The PDF parser allows ... |
| CVE-2021-25291 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ... |
| CVE-2021-25290 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ... |
| CVE-2021-25289 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- ... |
| CVE-2020-35655 | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ... |
| CVE-2020-35654 | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ... |
| CVE-2020-35653 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ... |
| CVE-2020-11538 | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ... |
| CVE-2020-10379 | In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ... |
| CVE-2020-10378 | In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ... |
| CVE-2020-10177 | Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ... |
| CVE-2020-5313 | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ... |
| CVE-2020-5312 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ... |
| CVE-2020-5311 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ... |
| CVE-2020-5310 | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ... |
| CVE-2019-19911 | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ... |
| CVE-2016-9190 | Pillow before 3.3.2 allows context-dependent attackers to execute arbi ... |
| CVE-2016-9189 | Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ... |
| CVE-2016-4009 | Integer overflow in the ImagingResampleHorizontal function in libImagi ... |
| CVE-2016-2533 | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pil ... |
| CVE-2016-0775 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDeco ... |
| CVE-2016-0740 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/Tif ... |
| CVE-2014-9601 | Pillow before 2.7.0 allows remote attackers to cause a denial of servi ... |
| CVE-2014-3598 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote atta ... |
| CVE-2014-3589 | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow befo ... |
| CVE-2014-3007 | Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allo ... |
| CVE-2014-1933 | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python ... |
| CVE-2014-1932 | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript fun ... |