Information on source package pillow

Available versions

ReleaseVersion
jessie2.6.1-2+deb8u10
stretch4.0.0-4+deb9u6
stretch (security)4.0.0-4+deb9u4
buster5.4.1-2+deb10u6
bullseye8.1.2+dfsg-0.3+deb11u2
bookworm9.4.0-1.1+deb12u1
trixie10.4.0-1
sid10.4.0-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2022-45198fixedfixedfixedvulnerable (no DSA)fixedfixedfixedPillow before 9.2.0 performs Improper Handling of Highly Compressed GI ...
CVE-2022-24303fixedfixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedPillow before 9.0.1 allows attackers to delete files because spaces in ...
CVE-2021-28676fixedfixedvulnerable (no DSA, ignored)fixedfixedfixedfixedAn issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...
CVE-2021-28675fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedAn issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...
CVE-2021-27923vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedPillow before 8.1.1 allows attackers to cause a denial of service (mem ...
CVE-2021-27922vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedPillow before 8.1.1 allows attackers to cause a denial of service (mem ...
CVE-2021-25293fixedfixedvulnerable (no DSA, ignored)fixedfixedfixedfixedAn issue was discovered in Pillow before 8.1.1. There is an out-of-bou ...
CVE-2021-23437fixedfixedfixedvulnerable (no DSA)fixedfixedfixedThe package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...
CVE-2019-16865vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedAn issue was discovered in Pillow before 6.2.0. When reading specially ...
CVE-2016-4009vulnerable (no DSA, postponed)fixedfixedfixedfixedfixedfixedInteger overflow in the ImagingResampleHorizontal function in libImagi ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2021-25288vulnerablevulnerablevulnerablefixedfixedfixedfixedAn issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...
CVE-2021-25287vulnerablevulnerablevulnerablefixedfixedfixedfixedAn issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...
CVE-2020-10994vulnerablevulnerablevulnerablefixedfixedfixedfixedIn libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...
CVE-2016-3076vulnerablefixedfixedfixedfixedfixedfixedHeap-based buffer overflow in the j2k_encode_entry function in Pillow ...

Resolved issues

BugDescription
CVE-2024-28219In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists bec ...
CVE-2023-50447Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...
CVE-2023-44271An issue was discovered in Pillow before 10.0.0. It is a Denial of Ser ...
CVE-2022-45199Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
CVE-2022-30595libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow i ...
CVE-2022-22817PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...
CVE-2022-22816path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...
CVE-2022-22815path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...
CVE-2021-34552Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...
CVE-2021-28678An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...
CVE-2021-28677An issue was discovered in Pillow before 8.2.0. For EPS data, the read ...
CVE-2021-27921Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...
CVE-2021-25292An issue was discovered in Pillow before 8.1.1. The PDF parser allows ...
CVE-2021-25291An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...
CVE-2021-25290An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...
CVE-2021-25289An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- ...
CVE-2020-35655In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...
CVE-2020-35654In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...
CVE-2020-35653In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...
CVE-2020-11538In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...
CVE-2020-10379In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...
CVE-2020-10378In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...
CVE-2020-10177Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...
CVE-2020-5313libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...
CVE-2020-5312libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ...
CVE-2020-5311libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...
CVE-2020-5310libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...
CVE-2019-19911There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ...
CVE-2016-9190Pillow before 3.3.2 allows context-dependent attackers to execute arbi ...
CVE-2016-9189Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ...
CVE-2016-2533Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pil ...
CVE-2016-0775Buffer overflow in the ImagingFliDecode function in libImaging/FliDeco ...
CVE-2016-0740Buffer overflow in the ImagingLibTiffDecode function in libImaging/Tif ...
CVE-2014-9601Pillow before 2.7.0 allows remote attackers to cause a denial of servi ...
CVE-2014-3598The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote atta ...
CVE-2014-3589PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow befo ...
CVE-2014-3007Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allo ...
CVE-2014-1933The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python ...
CVE-2014-1932The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript fun ...

Security announcements

DSA / DLADescription
DSA-5704-1pillow - security update
ELA-1079-1pillow - security update
DLA-3786-1pillow - security update
DLA-3768-1pillow - security update
ELA-1059-1pillow - security update
DLA-3724-1pillow - security update
ELA-546-2pillow - regression update
ELA-546-1pillow - security update
DLA-2893-1pillow - security update
DSA-5053-1pillow - security update
DLA-2716-1pillow - security update
ELA-383-1pillow - security update
DLA-2317-1pillow - security update
ELA-259-1pillow - security update
DSA-4631-1pillow - security update
DLA-2057-1pillow - security update
DSA-3710-1pillow - security update
DSA-3499-1pillow - security update

Search for package or bug name: Reporting problems