Version 9.5.0

pillow

Python Imaging Library (Fork)

Install Instructions

pip install pillow
Current Version Release Date October 15, 2024
Language Python
Package URL (purl) pkg:pip/Pillow@9.5.0

Find pillow vulnerabilities in your supply chain.

Scan for Free

pillow Vulnerabilities

Sort by
icon CVE (Latest)
  • icon CVE (Latest)
  • icon CVE (Oldest)
  • icon CVSS Score (Highest)
  • icon CVSS Score (Lowest)
CVE question mark icon CVSS Score question mark icon CWE(s) question mark icon EPSS Score question mark icon EPSS % question mark icon Impacted Versions
CVE-2016-0740 Medium 6.5 CWE-119, CWE-400 0.00443 0.7559
  • 3.0.0–3.1.1.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2016-0775 Medium 6.5 CWE-119, CWE-400 0.01298 0.86381
  • 3.0.0–3.1.1.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2016-2533 Medium 6.5 CWE-119, CWE-400 0.07288 0.94278
  • 3.0.0–3.1.1.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2016-3076 Medium 5.5 CWE-119, CWE-400 0.00526 0.77585
  • 3.0.0–3.1.1.win32
  • 2.5.0–2.9.0.win32
CVE-2016-4009 High 9.8 CWE-119, CWE-400 0.01483 0.873
  • 3.0.0–3.1.1.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2016-9189 Medium 5.5 CWE-200, CWE-190 0.001 0.42693
  • 3.0.0–3.3.1.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2016-9190 High 7.8 CWE-94, CWE-284 0.00367 0.73231
  • 3.0.0–3.3.1.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2019-16865 High 7.5 CWE-770 0.02029 0.89368
  • 6.0.0–6.1.0.win32
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2019-19911 High 7.5 CWE-400, CWE-190 0.00233 0.62033
  • 6.0.0–6.2.1
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-10177 Medium 5.5 CWE-125 0.00104 0.43733
  • 7.0.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-10378 Medium 5.5 CWE-125 0.00089 0.39273
  • 7.0.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-10379 High 7.8 CWE-120 0.00182 0.56509
  • 7.0.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-10994 Medium 5.5 CWE-125 0.00098 0.4235
  • 7.0.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-11538 High 8.1 CWE-125 0.01228 0.85946
  • 7.0.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-35653 High 7.1 CWE-125 0.00258 0.66217
  • 8.0.0–8.0.1
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-35654 High 8.8 CWE-787 0.00365 0.73122
  • 8.0.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-35655 Medium 5.4 CWE-125 0.00186 0.56995
  • 8.0.0–8.0.1
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-5310 High 8.8 CWE-190 0.00275 0.68786
  • 6.0.0–6.2.1
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-5311 High 9.8 CWE-120 0.00814 0.82405
  • 6.0.0–6.2.1
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-5312 High 9.8 CWE-120 0.00968 0.83912
  • 6.0.0–6.2.1
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2020-5313 High 7.1 CWE-125 0.00192 0.57883
  • 6.0.0–6.2.1
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-23437 High 7.5 CWE-125 0.00669 0.80336
  • 8.0.0–8.3.1
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-25287 High 9.1 CWE-125 0.00353 0.7267
  • 8.0.0–8.1.2
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-25288 High 9.1 CWE-125 0.00353 0.7267
  • 8.0.0–8.1.2
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-25289 High 9.8 CWE-787 0.00244 0.65142
  • 8.0.0–8.1.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-25290 High 7.5 CWE-787 0.00246 0.65285
  • 8.0.0–8.1.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-25291 High 7.5 CWE-125 0.00116 0.46856
  • 8.0.0–8.1.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-25292 Medium 6.5 CWE-185 0.00109 0.45196
  • 8.0.0–8.1.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-25293 High 7.5 CWE-125 0.00116 0.46856
  • 8.0.0–8.1.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-27921 High 7.5 CWE-400 0.00242 0.64937
  • 8.0.0–8.1.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-27922 High 7.5 CWE-400 0.00242 0.64937
  • 8.0.0–8.1.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-27923 High 7.5 CWE-400 0.00242 0.64937
  • 8.0.0–8.1.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-28675 Medium 5.5 CWE-252 0.00075 0.33798
  • 8.0.0–8.1.2
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-28676 High 7.5 CWE-835 0.00348 0.72456
  • 8.0.0–8.1.2
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-28677 High 7.5 0.00158 0.53258
  • 8.0.0–8.1.2
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-28678 Medium 5.5 CWE-345 0.00076 0.34161
  • 8.0.0–8.1.2
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2021-34552 High 9.8 CWE-120 0.00674 0.80415
  • 8.0.0–8.2.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2022-22815 High 9.8 CWE-665 0.00763 0.81755
  • 8.0.0–8.4.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2022-22816 High 9.8 CWE-125 0.00294 0.69936
  • 8.0.0–8.4.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2022-22817 High 9.8 0.00385 0.73837
  • 8.0.0–8.4.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2022-24303 High 9.1 0.00297 0.70045
  • 9.0.0
  • 8.0.0–8.4.0
  • 7.0.0–7.2.0
  • 6.0.0–6.2.2
  • 5.0.0–5.4.1.win32
  • 4.0.0–4.3.0.win32
  • 3.0.0–3.4.2.win32
  • 2.0.0–2.9.0.win32
  • 1.0–1.7.8
CVE-2014-9601 Medium 5.3 CWE-20, CWE-400 0.01593 0.87853
  • 2.0.0–2.7.0.win32
  • 1.0–1.7.8
CVE-2014-1933 Medium 4 CWE-264 0.00042 0.05119
  • 2.0.0–2.3.0.win32
  • 1.0–1.7.8
CVE-2014-1932 Medium 5.3 CWE-59 0.00089 0.39324
  • 2.0.0–2.3.0.win32
  • 1.0–1.7.8
CVE-2014-3007 High 10 CWE-78 0.0029 0.69752
  • 2.0.0–2.5.0.win32
  • 1.0–1.7.8
CVE-2014-3589 Medium 5.3 CWE-20, CWE-400 0.01718 0.88293
  • 2.0.0–2.5.2.win32
  • 1.0–1.7.8
CVE-2014-3598 Medium 5.3 CWE-399, CWE-400 0.00341 0.72197
  • 2.0.0–2.5.3.win32
  • 1.0–1.7.8
CVE-2022-30595 High 9.8 CWE-787 0.00171 0.551
  • 9.1.0

pillow Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2022-30595 libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. 9.1.0 Minor → 9.2.0
CVE-2022-24303 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2022-22817 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2022-22816 path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2022-22815 path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-34552 Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-28678 An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-28677 An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-28676 An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-28675 An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-27923 Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-27922 Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-27921 Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-25293 An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-25292 An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-25291 An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-25290 An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-25289 An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-25288 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-25287 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2021-23437 The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-5313 libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-5312 libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-5311 libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-5310 libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-35655 In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-35654 In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-35653 In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-11538 In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-10994 In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-10379 In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-10378 In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2020-10177 Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2019-19911 There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2019-16865 An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2016-9190 Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2016-9189 Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2016-4009 Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2016-3076 Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2016-2533 Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2016-0775 Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2016-0740 Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. 2.8.0, 2.9.0, 2.8.1.win32, 2.8.1, 2.6.0, 3.1.0rc1, 2.8.2, 2.8.2.win32 (Show all) Major → 9.5.0
CVE-2014-9601 Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. 2.6.0, 1.6, 1.5, 2.5.2.win32, 2.6.2, 2.6.0.win32, 2.6.1, 1.4 (Show all) Major → 9.5.0
CVE-2014-3598 The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. 1.6, 1.5, 2.5.2.win32, 1.4, 1.3, 2.3.0.win32, 1.2, 2.2.2.win32 (Show all) Patch → 9.5.0
CVE-2014-3589 PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. 1.6, 1.5, 2.5.2.win32, 1.4, 1.3, 2.3.0.win32, 1.2, 2.2.2.win32 (Show all) Patch → 9.5.0
CVE-2014-3007 Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. 1.6, 1.5, 1.4, 1.3, 2.3.0.win32, 1.2, 2.2.2.win32, 1.1 (Show all) Patch → 9.5.0
CVE-2014-1933 The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. 1.6, 1.5, 1.4, 1.3, 2.3.0.win32, 1.2, 2.2.2.win32, 1.1 (Show all) Patch → 9.5.0
CVE-2014-1932 The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. 1.6, 1.5, 1.4, 1.3, 2.3.0.win32, 1.2, 2.2.2.win32, 1.1 (Show all) Patch → 9.5.0

Instantly see if these pillow vulnerabilities affect your code.

Scan for Free

Dependencies

Packages using versions of pillow affected by its vulnerabilities

Dependent Packages
furo; extra == "docs"
olefile; extra == "docs"
sphinx>=8.1; extra == "docs"
sphinx-copybutton; extra == "docs"
sphinx-inline-tabs; extra == "docs"
sphinxext-opengraph; extra == "docs"
olefile; extra == "fpx"
olefile; extra == "mic"
check-manifest; extra == "tests"
coverage; extra == "tests"
defusedxml; extra == "tests"
markdown2; extra == "tests"
olefile; extra == "tests"
packaging; extra == "tests"
pyroma; extra == "tests"
pytest; extra == "tests"
pytest-cov; extra == "tests"
pytest-timeout; extra == "tests"
typing-extensions; python_version < "3.10" and extra == "typing"
defusedxml; extra == "xmp"