python3-pillow (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package python3-pillow, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (20)
CVE-2021-34552 — CVSS 9.8 (critical): Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a…
CVE-2022-22817 — CVSS 9.8 (critical): PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A…
CVE-2021-25287 — CVSS 9.1 (critical): An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
CVE-2021-25288 — CVSS 9.1 (critical): An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
CVE-2023-50447 — CVSS 8.1 (high): Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than…
CVE-2021-27921 — CVSS 7.5 (high): Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is…
CVE-2021-27923 — CVSS 7.5 (high): Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is…
CVE-2023-44271 — CVSS 7.5 (high): An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task…
CVE-2021-28676 — CVSS 7.5 (high): An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero…
CVE-2021-28677 — CVSS 7.5 (high): An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any…
CVE-2021-27922 — CVSS 7.5 (high): Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is…
CVE-2021-25290 — CVSS 7.5 (high): An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2021-25293 — CVSS 7.5 (high): An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
CVE-2020-35653 — CVSS 7.1 (high): In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted…
CVE-2024-28219 — CVSS 6.7 (medium): In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
CVE-2022-22816 — CVSS 6.5 (medium): path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
CVE-2021-25292 — CVSS 6.5 (medium): An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file…
CVE-2021-28678 — CVSS 5.5 (medium): An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file…
CVE-2021-28675 — CVSS 5.5 (medium): An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to…
CVE-2020-35655 — CVSS 5.4 (medium): In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length…