pillow@9.1.1 vulnerabilities
Python Imaging Library (Fork)
- latest version: 11.0.0
- latest non vulnerable version:
- first published: 14 years ago
- latest version published: a month ago
- licenses detected: [6.2.0,11.0.0)
Direct Vulnerabilities
Known vulnerabilities in the pillow package. This does not include vulnerabilities belonging to this package’s dependencies.
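The ranges in the table below use Snyk's interval notation: `[9.1.0,9.3.0)` means 9.1.0 inclusive up to, but excluding, 9.3.0, and `[,10.2.0)` has no lower bound. As an added example (not code from this page, from Snyk, or from the Pillow project), the script below parses that notation and reports which advisories cover a given Pillow version and the lowest listed upper bound that clears all of them. The short labels in `ADVISORIES` are mine, condensed from the table rows; the ranges are copied from the page. `first_clean_version` assumes each advisory is fixed at its range's upper bound, which is how these ranges read but not something the page states outright.

```python
# Added example: check a Pillow version against the vulnerable ranges listed
# on this page. Not code from Snyk or from Pillow. Handles the plain dotted
# numeric versions every Pillow release uses; pre-release tags would need the
# `packaging` library instead of parse_version below.
from __future__ import annotations
import re

# "[lo,hi)" / "(lo,hi]" style interval; either bound may be empty.
RANGE_RE = re.compile(r"^([\[(])([^,]*),([^\])]*)([\])])$")


def parse_version(v: str) -> tuple[int, ...]:
    """'9.1.1' -> (9, 1, 1); shorter strings are padded so '10' == '10.0.0'."""
    parts = tuple(int(p) for p in v.strip().split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def in_range(version: str, spec: str) -> bool:
    """True if `version` lies inside the interval `spec`, e.g. '[,10.3.0)'."""
    m = RANGE_RE.match(spec.replace(" ", ""))
    if not m:
        raise ValueError(f"unrecognised range: {spec!r}")
    lo_br, lo, hi, hi_br = m.groups()
    v = parse_version(version)
    if lo and (v < parse_version(lo) or (v == parse_version(lo) and lo_br == "(")):
        return False
    if hi and (v > parse_version(hi) or (v == parse_version(hi) and hi_br == ")")):
        return False
    return True


# Constructed from the table rows on this page: (short label, vulnerable range).
# Labels are mine; ranges are copied verbatim from the page.
ADVISORIES = [
    ("Incorrect Type Conversion or Cast (BLP1 JPEG data)", "[9.1.0,9.3.0)"),
    ("Buffer Overflow", "[,10.3.0)"),
    ("DoS: arbitrary strings as text input", "[,10.2.0)"),
    ("DoS: glyph size beyond the bitmap image", "[,10.2.0)"),
    ("Eval Injection", "[,10.2.0)"),
    ("Uncontrolled Resource Consumption", "[,10.0.0)"),
    ("Heap-based Buffer Overflow (libwebp, CVE-2023-4863)", "[,10.0.1)"),
    ("DoS: BLP JPEG CMYK data decoded in BGRX mode", "[9.1.0,9.4.0)"),
    ("DoS: missing GIF decompression bomb check", "[,9.2.0)"),
    ("DoS: missing GIF decompression bomb check (second advisory)", "[,9.2.0)"),
]


def affecting(version: str, advisories=ADVISORIES) -> list[str]:
    """Labels of every advisory whose range contains `version`."""
    return [label for label, spec in advisories if in_range(version, spec)]


def first_clean_version(version: str, advisories=ADVISORIES) -> str | None:
    """Lowest listed upper bound at or above `version` that no advisory covers.
    Assumes each advisory is fixed at its upper bound (no later regression).
    Returns None when `version` is already clear of every advisory."""
    if not affecting(version, advisories):
        return None
    uppers = {RANGE_RE.match(s.replace(" ", "")).group(3) for _, s in advisories}
    for cand in sorted((u for u in uppers if u), key=parse_version):
        if parse_version(cand) >= parse_version(version) and not affecting(cand, advisories):
            return cand
    return None  # not reached for ')'-bounded ranges: the largest upper bound is always clear


if __name__ == "__main__":
    for v in ("9.1.1", "9.4.0", "10.3.0"):
        hits = affecting(v)
        print(f"pillow {v}: {len(hits)} advisories -> upgrade to {first_clean_version(v)}")
```

Run against 9.1.1, the version this page is about, every row matches and the lowest version that clears all of them is 10.3.0; a version such as 9.4.0 is already outside the two BLP ranges but still inside the six upper-bounded ones.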
Vulnerability | Vulnerable Version
---|---
Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to improper data type handling for BLP1 image data with JPEG compression. When decoding this data in the incorrect mode ( How to fix? Upgrade to 9.3.0 or later. | [9.1.0,9.3.0)
Affected versions of this package are vulnerable to Buffer Overflow via the How to fix? Upgrade to 10.3.0 or later. | [,10.3.0)
Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into How to fix? Upgrade to 10.2.0 or later. | [,10.2.0)
Affected versions of this package are vulnerable to Denial of Service (DoS) if the size of individual glyphs extends beyond the bitmap image, when using How to fix? Upgrade to 10.2.0 or later. | [,10.2.0)
Affected versions of this package are vulnerable to Eval Injection via the How to fix? Upgrade to 10.2.0 or later. | [,10.2.0)
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when the How to fix? Upgrade to 10.0.0 or later. | [,10.0.0)
Pillow is a PIL (Python Imaging Library) fork. Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the Notes: This is only exploitable if the This vulnerability was also published against libwebp as CVE-2023-5129. Changelog: 2023-09-12, initial advisory publication; 2023-09-27, advisory details updated, including CVSS and references; 2023-09-27, CVE-2023-5129 rejected as a duplicate of CVE-2023-4863; 2023-09-28, research and addition of further affected libraries; 2024-01-28, additional fix information. How to fix? Upgrade to 10.0.1 or later. | [,10.0.1)
Affected versions of this package are vulnerable to Denial of Service (DoS) due to a segmentation fault when decoding BLP JPEG compressed CMYK data in BGRX mode. How to fix? Upgrade to 9.4.0 or later. | [9.1.0,9.4.0)
Affected versions of this package are vulnerable to Denial of Service (DoS) due to a missing GIF decompression bomb check. How to fix? Upgrade to 9.2.0 or later. | [,9.2.0)
Pillow is a PIL (Python Imaging Library) fork. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a missing GIF decompression bomb check. How to fix? Upgrade to 9.2.0 or later. | [,9.2.0)
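The last two rows concern a missing GIF decompression bomb check, the class of bug where a few dozen bytes on the wire declare a canvas of billions of pixels and the decoder allocates it before anyone can object. As an added example (my code, not Pillow's and not from this page), the parser below reads only the dimensions declared in a GIF's logical screen descriptor and in each image descriptor, walking past extension and LZW sub-blocks without decoding them, and refuses the file when the screen or any single frame exceeds a pixel budget. The budget constant matches Pillow's default `Image.MAX_IMAGE_PIXELS`, which this page does not mention; the two sample GIFs are constructed inline, and the `_make_gif` helper, `gif_declared_sizes` and `gif_within_budget` are names I chose.

```python
# Added example: a pre-decode size check for GIF data, in the spirit of the
# decompression-bomb check the two GIF advisories say was missing before 9.2.0.
# Not Pillow's implementation. Only declared dimensions are read, so a hostile
# file cannot make us allocate a frame buffer before we decide to refuse it.
import struct

# Pillow's default Image.MAX_IMAGE_PIXELS (a fact about Pillow, not stated on
# this page); tune it to what your service can actually afford to decode.
MAX_PIXELS = 89_478_485


def _skip_subblocks(data: bytes, pos: int) -> int:
    """Advance past a chain of length-prefixed sub-blocks ending in a 0 byte."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def gif_declared_sizes(data: bytes) -> tuple[tuple[int, int], list[tuple[int, int]]]:
    """Return ((screen_w, screen_h), [(frame_w, frame_h), ...]) without decoding
    pixel data. Raises ValueError on a malformed or truncated stream."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    sw, sh, packed = struct.unpack_from("<HHB", data, 6)  # logical screen descriptor
    pos = 13
    if packed & 0x80:                       # global colour table present
        pos += 3 * (2 << (packed & 0x07))   # 2**(n+1) entries of 3 bytes
    frames = []
    while True:
        if pos >= len(data):
            raise ValueError("truncated: no trailer")
        tag = data[pos]
        pos += 1
        if tag == 0x3B:                     # trailer
            return (sw, sh), frames
        if tag == 0x21:                     # extension: label byte + sub-blocks
            pos = _skip_subblocks(data, pos + 1)
        elif tag == 0x2C:                   # image descriptor
            if pos + 9 > len(data):
                raise ValueError("truncated image descriptor")
            _left, _top, fw, fh, fpacked = struct.unpack_from("<HHHHB", data, pos)
            pos += 9
            if fpacked & 0x80:              # local colour table
                pos += 3 * (2 << (fpacked & 0x07))
            pos += 1                        # LZW minimum code size
            pos = _skip_subblocks(data, pos)
            frames.append((fw, fh))
        else:
            raise ValueError(f"unknown block 0x{tag:02x} at offset {pos - 1}")


def gif_within_budget(data: bytes, max_pixels: int = MAX_PIXELS) -> bool:
    """True if the screen and every frame declare at most max_pixels pixels.
    Frames are checked one by one because each is decoded into its own buffer;
    the screen size bounds the composited canvas."""
    (sw, sh), frames = gif_declared_sizes(data)
    if sw * sh > max_pixels:
        return False
    return all(fw * fh <= max_pixels for fw, fh in frames)


def _make_gif(w: int, h: int) -> bytes:
    """Constructed test input: a single-frame GIF whose descriptors declare w x h
    but whose LZW payload is the 1x1 minimum (the check never decodes it)."""
    header = b"GIF89a" + struct.pack("<HHBBB", w, h, 0x80, 0, 0)
    gct = b"\x00\x00\x00\xff\xff\xff"            # 2-entry global colour table
    img = b"\x2c" + struct.pack("<HHHHB", 0, 0, w, h, 0)
    lzw = b"\x02" + b"\x02\x44\x01" + b"\x00"     # min code size, one sub-block, terminator
    return header + gct + img + lzw + b"\x3b"


TINY_GIF = _make_gif(1, 1)
BOMB_GIF = _make_gif(65535, 65535)  # ~4.3 Gpixel declared in 35 bytes on the wire

if __name__ == "__main__":
    for name, blob in (("tiny", TINY_GIF), ("bomb", BOMB_GIF)):
        print(name, len(blob), "bytes", gif_declared_sizes(blob), gif_within_budget(blob))
```

The point of checking declared sizes per frame rather than only the screen size is that a GIF's individual image descriptors may legitimately be smaller than the canvas, but a hostile file can also declare frames larger than the screen; a check that trusts only the header misses that case.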