| CVE-2023-4863 | high | — | 9.5 | 3y ago | Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect … |
| CVE-2025-48379 | high | — | 8.0 | 11mo ago | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format… |
| CVE-2023-50447 | high | — | 8.0 | 2y ago | RHSA-2024:0893: python-pillow security update (Important) |
| CVE-2023-5129 | high | — | 8.0 | 3y ago | RHSA-2023:5309: libwebp security update (Important) |
| CVE-2020-5311 | high | — | 8.0 | 4y ago | RHSA-2020:0580: python-pillow security update (Important) |
| CVE-2022-22815 | high | — | 8.0 | 4y ago | RHSA-2022:0643: python-pillow security update (Important) |
| CVE-2022-22816 | high | — | 8.0 | 4y ago | RHSA-2022:0643: python-pillow security update (Important) |
| CVE-2022-22817 | high | — | 8.0 | 4y ago | RHSA-2022:0643: python-pillow security update (Important) |
| CVE-2020-5312 | high | — | 8.0 | 5y ago | RHSA-2020:0580: python-pillow security update (Important) |
| CVE-2020-11538 | high | — | 8.0 | 6y ago | RHSA-2020:3185: python-pillow security update (Important) |
| CVE-2020-5313 | high | — | 8.0 | 6y ago | RHSA-2020:3185: python-pillow security update (Important) |
| CVE-2019-16865 | high | — | 8.0 | 7y ago | RHSA-2020:0580: python-pillow security update (Important) |
| CVE-2026-42311 | high | 7.8 | 7.8 | 26d ago | Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow) |
| CVE-2016-9190 | high | 7.8 | 7.8 | 10y ago | Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in … |
| CVE-2026-25990 | high | 7.5 | 7.5 | 4mo ago | Pillow affected by out-of-bounds write when loading PSD images |
| CVE-2016-2533 | medium | 6.5 | 6.5 | 8y ago | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) … |
| CVE-2016-0775 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. |
| CVE-2016-0740 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. |
| CVE-2026-42310 | medium | 5.5 | 5.5 | 26d ago | Pillow has a PDF Parsing Trailer Infinite Loop (DoS) |
| CVE-2026-42308 | medium | 5.5 | 5.5 | 26d ago | Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer… |
| CVE-2026-42309 | medium | 5.5 | 5.5 | 1mo ago | Pillow has a heap buffer overflow with nested list coordinates |
| CVE-2024-28219 | medium | — | 5.5 | 2y ago | RHSA-2024:4227: python-pillow security update (Moderate) |
| CVE-2023-44271 | medium | — | 5.5 | 3y ago | RHSA-2024:3005: python-pillow security update (Moderate) |
| CVE-2021-34552 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-28677 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-25288 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-28678 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-28675 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-25287 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-28676 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-25291 | medium | — | 5.5 | 5y ago | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. |
| CVE-2021-25292 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-25290 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-25293 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-25289 | medium | — | 5.5 | 5y ago | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NO… |
| CVE-2020-35653 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2020-35655 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2020-35654 | medium | — | 5.5 | 5y ago | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
| CVE-2021-27922 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-27921 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2021-27923 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) |
| CVE-2016-3076 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. |
| CVE-2016-9189 | medium | 5.5 | 5.5 | 10y ago | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_… |
| CVE-2014-3598 | medium | — | 5.0 | 11y ago | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. |
| CVE-2014-9601 | medium | — | 5.0 | 12y ago | Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. |
| CVE-2014-3589 | medium | — | 5.0 | 12y ago | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. |
| CVE-2014-1932 | medium | — | 4.4 | 12y ago | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (… |