pillow vulnerabilities

Known vulnerabilities in the pillow package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2024-28219	<5.4.1-2+deb10u6
H Arbitrary Code Injection	<5.4.1-2+deb10u4
H Allocation of Resources Without Limits or Throttling	<5.4.1-2+deb10u5
L CVE-2022-24303	*
C CVE-2022-22817	<5.4.1-2+deb10u5
M Improper Initialization	<5.4.1-2+deb10u3
M Out-of-bounds Read	<5.4.1-2+deb10u3
H Out-of-bounds Read	<5.4.1-2+deb10u5
C Buffer Overflow	<5.4.1-2+deb10u3
L Unchecked Return Value	*
L Out-of-bounds Read	*
M Insufficient Verification of Data Authenticity	<5.4.1-2+deb10u3
L Out-of-bounds Read	*
H CVE-2021-28677	<5.4.1-2+deb10u3
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
L Out-of-bounds Read	*
M CVE-2021-25292	<5.4.1-2+deb10u3
H Out-of-bounds Write	<5.4.1-2+deb10u3
H Resource Exhaustion	<5.4.1-2+deb10u3
H Resource Exhaustion	<5.4.1-2+deb10u3
H Resource Exhaustion	<5.4.1-2+deb10u3
M Out-of-bounds Read	<5.4.1-2+deb10u3
H Out-of-bounds Read	<5.4.1-2+deb10u3
M Out-of-bounds Read	<5.4.1-2+deb10u2
M Out-of-bounds Read	<5.4.1-2+deb10u2
L Out-of-bounds Read	*
H Out-of-bounds Read	<5.4.1-2+deb10u2
H Integer Overflow or Wraparound	<5.4.1-2+deb10u1
C Buffer Overflow	<5.4.1-2+deb10u1
C Buffer Overflow	<5.4.1-2+deb10u1
H Out-of-bounds Read	<5.4.1-2+deb10u1
H Allocation of Resources Without Limits or Throttling	<5.4.1-2+deb10u1
L Out-of-Bounds	<3.2.0-1
M Integer Overflow or Wraparound	<3.4.2-1
H Improper Access Control	<3.4.2-1
M Out-of-Bounds	<3.1.1-1
M Out-of-Bounds	<3.1.1-1
C Out-of-Bounds	<3.1.1-1
M Out-of-Bounds	<3.1.1-1
M Resource Management Errors	<2.5.3-1
M Improper Input Validation	<2.6.1-2
M Improper Input Validation	<2.5.3-1
C OS Command Injection	<2.4.0-1
L Access Restriction Bypass	<2.4.0-1
L Link Following	<2.4.0-1

Vulnerability

Vulnerable Version

CVE-2024-28219

<5.4.1-2+deb10u6

Arbitrary Code Injection

<5.4.1-2+deb10u4

Allocation of Resources Without Limits or Throttling

<5.4.1-2+deb10u5

CVE-2022-24303