pillow@8.4.0 vulnerabilities
Python Imaging Library (Fork)
- latest version: 11.0.0
- latest non vulnerable version:
- first published: 14 years ago
- latest version published: a month ago
- licenses detected: [6.2.0,11.0.0)
Direct Vulnerabilities
Known vulnerabilities in the pillow package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Buffer Overflow via the How to fix Buffer Overflow? Upgrade | [,10.3.0) |
Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into How to fix Denial of Service (DoS)? Upgrade | [,10.2.0) |
Affected versions of this package are vulnerable to Denial of Service (DoS) if the size of individual glyphs extends beyond the bitmap image, when using How to fix Denial of Service (DoS)? Upgrade | [,10.2.0) |
Affected versions of this package are vulnerable to Eval Injection via the How to fix Eval Injection? Upgrade | [,10.2.0) |
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when the How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade | [,10.0.0) |
Pillow is a PIL (Python Imaging Library) fork. Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the Notes: This is only exploitable if the This vulnerability was also published on libwebp CVE-2023-5129. Changelog: 2023-09-12: Initial advisory publication; 2023-09-27: Advisory details updated, including CVSS, references; 2023-09-27: CVE-2023-5129 rejected as a duplicate of CVE-2023-4863; 2023-09-28: Research and addition of additional affected libraries; 2024-01-28: Additional fix information. How to fix Heap-based Buffer Overflow? Upgrade | [,10.0.1) |
Affected versions of this package are vulnerable to Denial of Service (DoS) due to a missing GIF decompression bomb check. How to fix Denial of Service (DoS)? Upgrade | [,9.2.0) |
Pillow is a PIL (Python Imaging Library) fork. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a missing GIF decompression bomb check. How to fix Denial of Service (DoS)? Upgrade | [,9.2.0) |
Pillow is a PIL (Python Imaging Library) fork. Affected versions of this package are vulnerable to Improper Input Validation. When the path to the temporary directory on Linux or macOS contained a space, this would break removal of the temporary image file after How to fix Improper Input Validation? Upgrade | [,9.0.1) |
Pillow is a PIL (Python Imaging Library) fork. Affected versions of this package are vulnerable to Buffer Over-read via the How to fix Buffer Over-read? Upgrade | [,9.0.0) |
Pillow is a PIL (Python Imaging Library) fork. Affected versions of this package are vulnerable to Improper Initialization of How to fix Improper Initialization? Upgrade | [,9.0.0) |
Pillow is a PIL (Python Imaging Library) fork. Affected versions of this package are vulnerable to Arbitrary Code Execution via How to fix Arbitrary Code Execution? Upgrade | [,9.0.0) |
Pillow is a PIL (Python Imaging Library) fork. Affected versions of this package are vulnerable to Denial of Service (DoS). The How to fix Denial of Service (DoS)? Upgrade | [,9.0.0) |