rpm package
opensuse/python-Pillow&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Tumbleweed
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40192 | Hig | 7.5 | < 12.2.0-2.1 | 12.2.0-2.1 | Apr 15, 2026 | Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leadi | |
| CVE-2026-25990 | Hig | 7.5 | < 12.1.1-1.1 | 12.1.1-1.1 | Feb 11, 2026 | Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. | |
| CVE-2025-48379 | Hig | 7.1 | < 11.3.0-1.1 | 11.3.0-1.1 | Jul 1, 2025 | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only aff | |
| CVE-2024-28219 | Med | 6.7 | < 10.3.0-1.1 | 10.3.0-1.1 | Apr 3, 2024 | In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. | |
| CVE-2023-50447 | Hig | 8.1 | < 10.2.0-1.1 | 10.2.0-1.1 | Jan 19, 2024 | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | |
| CVE-2023-44271 | Hig | 7.5 | < 10.0.1-2.1 | 10.0.1-2.1 | Nov 3, 2023 | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw in | |
| CVE-2022-30595 | Cri | 9.8 | < 9.1.1-1.1 | 9.1.1-1.1 | May 25, 2022 | libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. | |
| CVE-2022-24303 | Cri | 9.1 | < 9.0.1-1.1 | 9.0.1-1.1 | Mar 28, 2022 | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | |
| CVE-2022-22817 | Cri | 9.8 | < 9.0.1-1.1 | 9.0.1-1.1 | Jan 10, 2022 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used. | |
| CVE-2021-23437 | Hig | 7.5 | < 8.3.2-1.2 | 8.3.2-1.2 | Sep 3, 2021 | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | |
| CVE-2021-34552 | Cri | 9.8 | < 8.3.2-1.2 | 8.3.2-1.2 | Jul 13, 2021 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | |
| CVE-2021-25293 | Hig | 7.5 | < 8.3.2-1.2 | 8.3.2-1.2 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | |
| CVE-2021-25292 | Med | 6.5 | < 8.3.2-1.2 | 8.3.2-1.2 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | |
| CVE-2021-25291 | Hig | 7.5 | < 8.3.2-1.2 | 8.3.2-1.2 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. | |
| CVE-2021-25290 | Hig | 7.5 | < 8.3.2-1.2 | 8.3.2-1.2 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | |
| CVE-2021-25289 | Cri | 9.8 | < 8.3.2-1.2 | 8.3.2-1.2 | Mar 19, 2021 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | |
| CVE-2021-27921 | Hig | 7.5 | < 8.3.2-1.2 | 8.3.2-1.2 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | |
| CVE-2020-35655 | Med | 5.4 | < 8.3.2-1.2 | 8.3.2-1.2 | Jan 12, 2021 | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | |
| CVE-2020-35654 | Hig | 8.8 | < 8.3.2-1.2 | 8.3.2-1.2 | Jan 12, 2021 | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | |
| CVE-2020-35653 | Hig | 7.1 | < 8.3.2-1.2 | 8.3.2-1.2 | Jan 12, 2021 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. |
- affected < 12.2.0-2.1fixed 12.2.0-2.1
Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leadi
- affected < 12.1.1-1.1fixed 12.1.1-1.1
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
- affected < 11.3.0-1.1fixed 11.3.0-1.1
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only aff
- affected < 10.3.0-1.1fixed 10.3.0-1.1
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
- affected < 10.2.0-1.1fixed 10.2.0-1.1
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
- affected < 10.0.1-2.1fixed 10.0.1-2.1
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw in
- affected < 9.1.1-1.1fixed 9.1.1-1.1
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
- affected < 9.0.1-1.1fixed 9.0.1-1.1
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
- affected < 9.0.1-1.1fixed 9.0.1-1.1
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
- affected < 8.3.2-1.2fixed 8.3.2-1.2
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Page 1 of 2