Search CVE reports
1 – 10 of 70 results
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(),...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Some fixes available 2 of 3
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Not affected | Not affected | Not affected | Not affected |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Some fixes available 4 of 9
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Not affected | Not affected | Not affected | Not affected |
| pillow-python2 | Not in release | Not in release | Not in release | Not affected | — |
Some fixes available 4 of 9
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | — |
Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Not affected | Not affected | Not affected | Not affected |
| pillow-python2 | Not in release | Not in release | Not in release | Not affected | — |