pillow@1.7.7 vulnerabilities
Python Imaging Library (Fork)

latest version: 11.0.0
latest non vulnerable version:
first published: 14 years ago
latest version published: a month ago
licenses detected: [1.3,6.0.0)
Direct Vulnerabilities
Known vulnerabilities in the pillow package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version | Fix
---|---|---
Buffer Overflow via the … | [,10.3.0) | Upgrade to 10.3.0 or later
Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into … | [,10.2.0) | Upgrade to 10.2.0 or later
Denial of Service (DoS) if the size of individual glyphs extends beyond the bitmap image, when using … | [,10.2.0) | Upgrade to 10.2.0 or later
Eval Injection via the … | [,10.2.0) | Upgrade to 10.2.0 or later
Uncontrolled Resource Consumption ('Resource Exhaustion') when the … | [,10.0.0) | Upgrade to 10.0.0 or later
Heap-based Buffer Overflow when the … Notes: this is only exploitable if the … The same issue was also published against libwebp as CVE-2023-5129, later rejected as a duplicate of CVE-2023-4863. Advisory changelog: 2023-09-12 initial publication; 2023-09-27 details updated (CVSS, references) and CVE-2023-5129 rejected as a duplicate of CVE-2023-4863; 2023-09-28 additional affected libraries researched and added; 2024-01-28 additional fix information. | [,10.0.1) | Upgrade to 10.0.1 or later
Denial of Service (DoS) due to a missing GIF decompression bomb check. | [,9.2.0) | Upgrade to 9.2.0 or later
Denial of Service (DoS) due to a missing GIF decompression bomb check (second advisory for the same fix release). | [,9.2.0) | Upgrade to 9.2.0 or later
Improper Input Validation. When the path to the temporary directory on Linux or macOS contained a space, this broke removal of the temporary image file after … | [,9.0.1) | Upgrade to 9.0.1 or later
Buffer Over-read via the … | [,9.0.0) | Upgrade to 9.0.0 or later
Improper Initialization of … | [,9.0.0) | Upgrade to 9.0.0 or later
Arbitrary Code Execution via … | [,9.0.0) | Upgrade to 9.0.0 or later
Denial of Service (DoS). The … | [,9.0.0) | Upgrade to 9.0.0 or later
Buffer Overflow. Parameters passed into a convert function could trigger a buffer overflow in … | [1.0,8.3.0) | Upgrade to 8.3.0 or later
Denial of Service (DoS). Improper checks in … | [,8.2.0) | Upgrade to 8.2.0 or later
Denial of Service (DoS). This is due to improper checks in … | [,8.2.0) | Upgrade to 8.2.0 or later
Denial of Service (DoS). The readline in EPS uses an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file can use this to perform a DoS in the open phase, before an image is accepted for opening. | [,8.2.0) | Upgrade to 8.2.0 or later
Denial of Service (DoS). Improper checks in … | [,8.2.0) | Upgrade to 8.2.0 or later
Heap-based Buffer Overflow (insufficient fix for …) | [,8.1.1) | Upgrade to 8.1.1 or later
Insufficient Validation. In … | [,8.1.1) | Upgrade to 8.1.1 or later
Denial of Service (DoS). This can happen in the … | [,8.1.2) | Upgrade to 8.1.2 or later
Denial of Service (DoS). This can happen in the … | [,8.1.2) | Upgrade to 8.1.2 or later
Denial of Service (DoS). This can happen in the … | [,8.1.2) | Upgrade to 8.1.2 or later
Out-of-bounds Read due to invalid tile boundaries. | [,8.1.1) | Upgrade to 8.1.1 or later
Regular Expression Denial of Service (ReDoS) via … | [0,8.1.1) | Upgrade to 8.1.1 or later
Out-of-bounds Read. The PCX image decoder uses the reported image stride to calculate the row buffer, rather than calculating it from the image size. | [,8.1.0) | Upgrade to 8.1.0 or later
Command Injection in filenames that contain single quotes via … | [,2.5.0) | Upgrade to 2.5.0 or later
Buffer Overflow. Two buffer overflows exist in … | [,7.1.0) | Upgrade to 7.1.0 or later
Out-of-bounds Read. In … | [0,7.1.0) | Upgrade to 7.1.0 or later
Out-of-bounds Read. In … | [0,7.1.0) | Upgrade to 7.1.0 or later
Out-of-bounds Read. In … | [,7.1.0) | Upgrade to 7.1.0 or later
Out-of-Bounds. Multiple out-of-bounds reads exist in … | [,7.1.0) | Upgrade to 7.1.0 or later
Integer Overflow in … | [,6.2.2) | Upgrade to 6.2.2 or later
Buffer Overflow in … | [,6.2.2) | Upgrade to 6.2.2 or later
Buffer Overflow in … | [,6.2.2) | Upgrade to 6.2.2 or later
Buffer Overflow. | [,6.2.2) | Upgrade to 6.2.2 or later
Denial of Service (DoS). | [,6.2.2) | Upgrade to 6.2.2 or later
Allocation of Resources Without Limits or Throttling. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. | [,6.2.0) | Upgrade to 6.2.0 or later
Denial of Service (DoS). Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. | [,3.1.1) | Upgrade to 3.1.1 or later
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | [,3.3.2) | Upgrade to 3.3.2 or later
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | [,3.3.2) | Upgrade to 3.3.2 or later
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | [,3.1.1) | Upgrade to 3.1.1 or later
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | [,3.1.1) | Upgrade to 3.1.1 or later
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | [,3.1.1) | Upgrade to 3.1.1 or later
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. | [,2.3.2) and [2.5,2.5.2) | Upgrade to 2.3.2 or later, or to 2.5.2 or later on the 2.5 series
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. | [,2.5.3) | Upgrade to 2.5.3 or later
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. | [,2.7.0) | Upgrade to 2.7.0 or later
Arbitrary Command Execution (metacharacter injection). Python Imaging Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. | [,2.5.0) | Upgrade to 2.5.0 or later
Symlink attack due to insecurely creating temporary files. The (1) … | [,2.3.1) | Upgrade to 2.3.1 or later
Symlink attack due to insecurely creating temporary files. The (1) … | [,2.3.1) | Upgrade to 2.3.1 or later
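Several rows above (the 6.2.0 "Allocation of Resources Without Limits" entry, the 9.2.0 GIF decompression bomb entries and the 2.7.0 compressed PNG text chunk entry) describe the same failure mode: the decoder trusts a size the file declares and allocates or inflates accordingly. The following is an added example, not Pillow's or Snyk's code, showing the pre-flight check a service accepting untrusted PNGs can run with the standard library alone before any real decoder touches the file: it walks the chunk structure, rejects an IHDR that promises more pixels than a budget allows, and inflates zTXt metadata with a hard output cap so a small chunk cannot expand into gigabytes. The pixel and byte budgets, the helper names and the sample PNGs it builds are this example's own assumptions and constructions.

```python
# Added example (not Pillow's code): stdlib-only pre-flight checks for an
# untrusted PNG. Budgets, names and sample files are assumptions of this example.
import struct
import zlib
from typing import Optional

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 10_000_000     # assumption: ~10 MP ceiling for this service
MAX_TEXT_BYTES = 64 * 1024  # assumption: inflated metadata budget per chunk


class UnsafeImage(ValueError):
    """Raised for input that must not reach the real decoder."""


def iter_chunks(data: bytes):
    """Yield (type, payload) per chunk, checking bounds and CRC as we go."""
    if not data.startswith(PNG_SIGNATURE):
        raise UnsafeImage("not a PNG")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body, crc_at = pos + 8, pos + 8 + length
        if crc_at + 4 > len(data):
            raise UnsafeImage(f"{ctype!r} length {length} runs past end of file")
        payload = data[body:crc_at]
        (crc,) = struct.unpack(">I", data[crc_at:crc_at + 4])
        if zlib.crc32(ctype + payload) != crc:
            raise UnsafeImage(f"bad CRC on {ctype!r}")
        yield ctype, payload
        if ctype == b"IEND":
            return
        pos = crc_at + 4
    raise UnsafeImage("truncated: no IEND chunk")


def bounded_inflate(blob: bytes, limit: int) -> bytes:
    """Inflate at most `limit` bytes and refuse streams that want to go further.
    decompress(data, max_length) stops producing output at max_length and parks
    the remaining input in unconsumed_tail, so a bomb is detected without ever
    allocating its full size."""
    d = zlib.decompressobj()
    out = d.decompress(blob, limit)
    if d.unconsumed_tail or not d.eof:
        raise UnsafeImage(f"compressed data inflates beyond {limit} bytes")
    return out


def check_png(data: bytes) -> dict:
    """Return {'width', 'height', 'text'} for acceptable input, else raise."""
    info = {"text": {}}
    for index, (ctype, payload) in enumerate(iter_chunks(data)):
        if index == 0 and ctype != b"IHDR":
            raise UnsafeImage("first chunk must be IHDR")
        if ctype == b"IHDR":
            if len(payload) != 13:
                raise UnsafeImage("malformed IHDR")
            width, height = struct.unpack(">II", payload[:8])
            if width == 0 or height == 0 or width * height > MAX_PIXELS:
                raise UnsafeImage(f"{width}x{height} exceeds pixel budget {MAX_PIXELS}")
            info["width"], info["height"] = width, height
        elif ctype == b"zTXt":
            keyword, _, rest = payload.partition(b"\x00")
            if not rest or rest[0] != 0:  # byte after keyword: compression method, 0 = deflate
                raise UnsafeImage("unsupported zTXt compression method")
            text = bounded_inflate(rest[1:], MAX_TEXT_BYTES)
            info["text"][keyword.decode("latin-1")] = text.decode("latin-1")
    return info


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    return (struct.pack(">I", len(payload)) + ctype + payload
            + struct.pack(">I", zlib.crc32(ctype + payload)))


def make_png(width: int, height: int, comment: Optional[bytes] = None) -> bytes:
    """Constructed test input: an 8-bit greyscale PNG whose IHDR claims
    width x height but whose IDAT holds a single 1x1 scanline. Only what the
    header promises matters for the checks above."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    chunks = [_chunk(b"IHDR", ihdr)]
    if comment is not None:
        chunks.append(_chunk(b"zTXt", b"Comment\x00\x00" + zlib.compress(comment)))
    chunks.append(_chunk(b"IDAT", zlib.compress(b"\x00\x00")))  # filter byte + one pixel
    chunks.append(_chunk(b"IEND", b""))
    return PNG_SIGNATURE + b"".join(chunks)


if __name__ == "__main__":
    print(check_png(make_png(640, 480, comment=b"camera: constructed sample")))
    for label, hostile in (
        ("pixel bomb", make_png(100_000, 100_000)),
        ("zTXt bomb", make_png(8, 8, comment=b"\x00" * (16 * 1024 * 1024))),
    ):
        try:
            check_png(hostile)
        except UnsafeImage as err:
            print(f"rejected {label}: {err}")
```

The check is deliberately a gate in front of the decoder, not a replacement for upgrading: it stops the two declared-size attacks cheaply, while the in-decoder bugs in the table still require the fixed Pillow release.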
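The 8.1.0 row states the fix principle for the PCX out-of-bounds read in one sentence: size the row buffer from the image dimensions, not from the stride the header reports. The following is an added example, not Pillow's code, that parses the 128-byte PCX header, computes the bytes one row actually needs from width and bit depth, rejects a header whose declared bytes-per-line is smaller than that, and then RLE-decodes 8-bit single-plane data into a buffer that a run can never overflow. The sample files it builds, the helper names and the decision to clamp runs at the row boundary are this example's own choices.

```python
# Added example (not Pillow's code): PCX header validation and a bounded
# 8-bit RLE row decoder. Sample files are constructed in make_pcx8().
import struct


class BadPcx(ValueError):
    pass


def parse_pcx_header(data: bytes) -> dict:
    """Decode the header fields this example needs and validate the stride."""
    if len(data) < 128 or data[0] != 0x0A:
        raise BadPcx("not a PCX file")
    bits = data[3]
    xmin, ymin, xmax, ymax = struct.unpack("<4H", data[4:12])
    planes = data[65]
    (declared_stride,) = struct.unpack("<H", data[66:68])
    width, height = xmax - xmin + 1, ymax - ymin + 1
    if width <= 0 or height <= 0:
        raise BadPcx("empty image")
    # Bytes one row of one plane really occupies, rounded up to an even count
    # as the format requires. This value, not the header field, is the floor
    # for any row buffer; a smaller declared stride is a malformed file.
    required = (width * bits + 7) // 8
    required += required % 2
    if declared_stride < required:
        raise BadPcx(f"declared stride {declared_stride} < {required} bytes needed for width {width}")
    return {"width": width, "height": height, "bits": bits,
            "planes": planes, "stride": declared_stride}


def decode_pcx8(data: bytes) -> tuple:
    """Decode an 8-bit, single-plane, RLE-compressed PCX into (w, h, rows)."""
    h = parse_pcx_header(data)
    if h["bits"] != 8 or h["planes"] != 1 or data[2] != 1:
        raise BadPcx("example handles 8-bit single-plane RLE only")
    stride = h["stride"]          # validated: at least one full row of pixels
    pos, rows = 128, []
    for _ in range(h["height"]):
        row = bytearray()
        while len(row) < stride:
            if pos >= len(data):
                raise BadPcx("pixel data truncated")
            byte = data[pos]
            pos += 1
            if byte & 0xC0 == 0xC0:           # run marker: low 6 bits = count
                if pos >= len(data):
                    raise BadPcx("run without value byte")
                count, value = byte & 0x3F, data[pos]
                pos += 1
                # Clamp so a run can never write past the row buffer.
                row.extend([value] * min(count, stride - len(row)))
            else:
                row.append(byte)
        rows.append(bytes(row[:h["width"]]))  # drop the padding bytes
    return h["width"], h["height"], rows


def _rle(row: bytes) -> bytes:
    """Minimal PCX run-length encoder for the constructed samples."""
    out, i = bytearray(), 0
    while i < len(row):
        j = i
        while j < len(row) and row[j] == row[i] and j - i < 63:
            j += 1
        n = j - i
        if n > 1 or row[i] >= 0xC0:
            out += bytes([0xC0 | n, row[i]])
        else:
            out.append(row[i])
        i = j
    return bytes(out)


def make_pcx8(width: int, height: int, rows: list, declared_stride: int) -> bytes:
    """Constructed 8-bit single-plane PCX with an explicit bytes-per-line field."""
    hdr = bytearray(128)
    hdr[0], hdr[1], hdr[2], hdr[3] = 0x0A, 5, 1, 8   # magic, version, RLE, bpp
    struct.pack_into("<4H", hdr, 4, 0, 0, width - 1, height - 1)
    hdr[65] = 1
    struct.pack_into("<H", hdr, 66, declared_stride)
    body = b"".join(_rle(r.ljust(max(declared_stride, len(r)), b"\x00")) for r in rows)
    return bytes(hdr) + body


if __name__ == "__main__":
    sample_rows = [b"\x11\x11\x11\x11", b"\x22\x33\x44\xFF"]
    print(decode_pcx8(make_pcx8(4, 2, sample_rows, declared_stride=4)))
    try:
        decode_pcx8(make_pcx8(4, 2, sample_rows, declared_stride=2))
    except BadPcx as err:
        print("rejected:", err)
```

The hostile case is the one the row describes: a header claiming two bytes per line for a four-pixel-wide 8-bit image, which a decoder trusting the header would allocate two bytes for and then fill with four.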
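Three rows in the table are not decoder bugs at all but classic mistakes around external helpers and temporary files: the 2.3.1 symlink attacks (a temporary name chosen first and opened afterwards), the 2.5.0 command injection through a filename containing a single quote, and the 9.0.1 cleanup failure when a temporary path contained a space (the same quoting problem seen from the other side). The following is an added example, not Pillow's code, that puts each vulnerable pattern beside its fixed form and plays out the symlink race on a scratch directory. The viewer name "xv", the hostile filename and the PID-based temp-name scheme are this example's own constructions; no external program is executed.

```python
# Added example (not Pillow's code): shell-quoting and temp-file patterns
# behind the 2.3.1, 2.5.0 and 9.0.1 rows. Names and inputs are constructed.
import os
import shlex
import tempfile
from typing import Optional

HOSTILE_NAME = "pic'; id; echo '.jpg"   # constructed: closes the quote, then injects


def viewer_command_unsafe(path: str) -> str:
    """Vulnerable: a string-formatted shell command. One ' in the filename
    ends the quoting and the remainder runs as further shell commands."""
    return "xv '%s'" % path


def viewer_command_quoted(path: str) -> str:
    """If a shell string is unavoidable, shlex.quote makes every metacharacter
    (quotes, spaces, ;) literal. The same fix covers the 9.0.1 row, where an
    unquoted temp path containing a space broke the cleanup command."""
    return "xv %s" % shlex.quote(path)


def viewer_argv(path: str) -> list:
    """Preferred: an argument vector for subprocess.run(argv). No shell is
    involved, so the filename arrives as exactly one argv entry."""
    return ["xv", "--", path]


def shell_tokens(cmd: str) -> list:
    """Tokenize as a POSIX shell would; ';' becomes its own token."""
    return list(shlex.shlex(cmd, posix=True, punctuation_chars=True))


def predictable_temp_name(directory: str, suffix: str = ".jpg") -> str:
    """Constructed stand-in for a PID-derived temp name: guessable locally."""
    return os.path.join(directory, "pil-%d%s" % (os.getpid(), suffix))


def write_temp_unsafe(directory: str, data: bytes) -> str:
    """Vulnerable: choose a name, then open() it. open() follows symlinks, so
    a link pre-placed at that name redirects the write to its target."""
    name = predictable_temp_name(directory)
    with open(name, "wb") as fh:
        fh.write(data)
    return name


def write_temp_safe(data: bytes, directory: Optional[str] = None) -> str:
    """Fixed: mkstemp creates the file with O_CREAT|O_EXCL and mode 0600 and
    returns the open descriptor, so there is no name-then-open window; an
    existing symlink at the chosen name makes creation fail instead."""
    fd, name = tempfile.mkstemp(suffix=".jpg", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return name


def demo_symlink_attack(payload: bytes = b"attacker-chosen bytes") -> tuple:
    """Play both sides on a scratch directory. Returns the victim file's
    content after the unsafe write, and whether the safe write landed in a
    fresh regular file of its own."""
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.conf")
        with open(victim, "wb") as fh:
            fh.write(b"original contents")
        os.symlink(victim, predictable_temp_name(scratch))  # attacker's move
        write_temp_unsafe(scratch, payload)                  # follows the link
        with open(victim, "rb") as fh:
            clobbered = fh.read()
        safe_path = write_temp_safe(payload, directory=scratch)
        fresh = (os.path.isfile(safe_path) and not os.path.islink(safe_path)
                 and safe_path != victim)
        return clobbered, fresh


if __name__ == "__main__":
    print(shell_tokens(viewer_command_unsafe(HOSTILE_NAME)))
    print(shell_tokens(viewer_command_quoted(HOSTILE_NAME)))
    print(viewer_argv(HOSTILE_NAME))
    print(demo_symlink_attack())
```

Tokenizing the formatted command shows the breakout directly: the hostile filename turns `xv 'pic'; id; echo '.jpg'` into seven shell tokens, two of them command separators, whereas the quoted and argv forms each deliver the whole name as a single argument. The symlink demo needs a filesystem that permits symlinks, which is the case on the Linux and macOS hosts the 9.0.1 row refers to.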