pillow@10.1.0 vulnerabilities

Python Imaging Library (Fork)

Known vulnerabilities in the pillow package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Buffer Overflow Affected versions of this package are vulnerable to Buffer Overflow via the `strcpy` function in `_imagingcms.c`, due to two calls that were able to copy too much data into fixed length strings. How to fix Buffer Overflow? Upgrade `pillow` to version 10.3.0 or higher.	[,10.3.0)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into `PIL.ImageFont.ImageFont.getmask()` is over a certain limit. This can lead to a system crash. How to fix Denial of Service (DoS)? Upgrade `pillow` to version 10.2.0 or higher.	[,10.2.0)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) if the size of individual glyphs extends beyond the bitmap image, when using `PIL.ImageFont.ImageFont` function. Exploiting this vulnerability could lead to a system crash. How to fix Denial of Service (DoS)? Upgrade `pillow` to version 10.2.0 or higher.	[,10.2.0)
H Eval Injection Affected versions of this package are vulnerable to Eval Injection via the `PIL.ImageMath.eval` function when an attacker has control over the keys passed to the `environment` argument. How to fix Eval Injection? Upgrade `pillow` to version 10.2.0 or higher.	[,10.2.0)