Search CVE reports
1 – 10 of 78 results
Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding the decompressed output size,...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter()...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |