python-Pillow (SUSE:Linux Enterprise Module for Package Hub 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Package Hub 15 SP6 package python-Pillow, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2021-25289 — CVSS 9.8 (critical): An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of…
CVE-2021-34552 — CVSS 9.8 (critical): Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a…
CVE-2020-35654 — CVSS 8.8 (high): In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation…
CVE-2021-25293 — CVSS 7.5 (high): An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
CVE-2021-27921 — CVSS 7.5 (high): Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is…
CVE-2021-27922 — CVSS 7.5 (high): Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is…
CVE-2021-27923 — CVSS 7.5 (high): Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is…
CVE-2022-45198 — CVSS 7.5 (high): Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
CVE-2021-23437 — CVSS 7.5 (high): The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
CVE-2021-25290 — CVSS 7.5 (high): An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2022-22816 — CVSS 6.5 (medium): path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
CVE-2021-25292 — CVSS 6.5 (medium): An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file…