Debian Pillow vulnerabilities
55 known vulnerabilities affecting debian/pillow.
Total CVEs: 55
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 20, MEDIUM 17, LOW 10
Vulnerabilities
Page 1 of 3
CVE-2026-25990 | LOW | CVSS 8.9 | fixed in pillow 12.1.1-1 (forky) | 2026
CVE-2026-25990 [HIGH]: pillow
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 12.1.1-1)
sid: resolved (fixed in 12.1.1-1)
trixie: resolved (fixed in 11.1.0-5+deb13u1)
CVE-2025-48379 | LOW | CVSS 7.1 | 2025
CVE-2025-48379 [HIGH]: pillow
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched
CVE-2024-28219 | MEDIUM | CVSS 6.7 | fixed in pillow 9.4.0-1.1+deb12u1 (bookworm) | 2024
CVE-2024-28219 [MEDIUM]: pillow
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Scope: local
bookworm: resolved (fixed in 9.4.0-1.1+deb12u1)
bullseye: resolved (fixed in 8.1.2+dfsg-0.3+deb11u2)
forky: resolved (fixed in 10.3.0-1)
sid: resolved (fixed in 10.3.0-1)
trixie: resolved (fixed in 10.3.0-1)
CVE-2023-50447 | CRITICAL | CVSS 9.8 | fixed in pillow 9.4.0-1.1+deb12u1 (bookworm) | 2023
CVE-2023-50447 [CRITICAL]: pillow
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Scope: local
bookworm: resolved (fixed in 9.4.0-1.1+deb12u1)
bullseye: resolved (fixed in 8.1.2+dfsg-0.3+deb11u2)
forky: resolved (fixed in 10.2.0-1)
sid: resolved (fixed
CVE-2023-44271 | HIGH | CVSS 7.5 | fixed in pillow 9.4.0-1.1+deb12u1 (bookworm) | 2023
CVE-2023-44271 [HIGH]: pillow
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
Scope: local
bookworm: resolved (fixed in 9.4.0-
CVE-2022-22817 | CRITICAL | CVSS 9.8 | fixed in pillow 9.0.0-1 (bookworm) | 2022
CVE-2022-22817 [CRITICAL]: pillow
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
Scope: local
bookworm: resolved (fixed in 9.0.0-1)
bullseye: resolved (fixed in 8.1.2+dfsg-0.3+deb11u1)
forky: resolved (fixed in 9.0.0-1)
sid: resolved (fixed in 9.0.0-1)
trixie: resolved (fix
CVE-2022-30595 | CRITICAL | CVSS 9.8 | fixed in pillow 9.1.1-1 (bookworm) | 2022
CVE-2022-30595 [CRITICAL]: pillow
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
Scope: local
bookworm: resolved (fixed in 9.1.1-1)
bullseye: resolved
forky: resolved (fixed in 9.1.1-1)
sid: resolved (fixed in 9.1.1-1)
trixie: resolved (fixed in 9.1.1-1)
CVE-2022-24303 | CRITICAL | CVSS 9.1 | fixed in pillow 9.0.1-1 (bookworm) | 2022
CVE-2022-24303 [CRITICAL]: pillow
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
Scope: local
bookworm: resolved (fixed in 9.0.1-1)
bullseye: resolved (fixed in 8.1.2+dfsg-0.3+deb11u3)
forky: resolved (fixed in 9.0.1-1)
sid: resolved (fixed in 9.0.1-1)
trixie: resolved (fixed in 9.0.1-1)
CVE-2022-45198 | HIGH | CVSS 7.5 | fixed in pillow 9.2.0-1 (bookworm) | 2022
CVE-2022-45198 [HIGH]: pillow
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
Scope: local
bookworm: resolved (fixed in 9.2.0-1)
bullseye: resolved (fixed in 8.1.2+dfsg-0.3+deb11u3)
forky: resolved (fixed in 9.2.0-1)
sid: resolved (fixed in 9.2.0-1)
trixie: resolved (fixed in 9.2.0-1)
CVE-2022-45199 | HIGH | CVSS 7.5 | fixed in pillow 9.3.0-1 (bookworm) | 2022
CVE-2022-45199 [HIGH]: pillow
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
Scope: local
bookworm: resolved (fixed in 9.3.0-1)
bullseye: resolved
forky: resolved (fixed in 9.3.0-1)
sid: resolved (fixed in 9.3.0-1)
trixie: resolved (fixed in 9.3.0-1)
CVE-2022-22815 | MEDIUM | CVSS 6.5 | fixed in pillow 9.0.0-1 (bookworm) | 2022
CVE-2022-22815 [MEDIUM]: pillow
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
Scope: local
bookworm: resolved (fixed in 9.0.0-1)
bullseye: resolved (fixed in 8.1.2+dfsg-0.3+deb11u1)
forky: resolved (fixed in 9.0.0-1)
sid: resolved (fixed in 9.0.0-1)
trixie: resolved (fixed in 9.0.0-1)
CVE-2022-22816 | MEDIUM | CVSS 6.5 | fixed in pillow 9.0.0-1 (bookworm) | 2022
CVE-2022-22816 [MEDIUM]: pillow
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
Scope: local
bookworm: resolved (fixed in 9.0.0-1)
bullseye: resolved (fixed in 8.1.2+dfsg-0.3+deb11u1)
forky: resolved (fixed in 9.0.0-1)
sid: resolved (fixed in 9.0.0-1)
trixie: resolved (fixed in 9.0.0-1)
CVE-2021-34552 | CRITICAL | CVSS 9.8 | fixed in pillow 8.1.2+dfsg-0.3 (bookworm) | 2021
CVE-2021-34552 [CRITICAL]: pillow
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Scope: local
bookworm: resolved (fixed in 8.1.2+dfsg-0.3)
bullseye: resolved (fixed in 8.1.2+dfsg-0.3)
forky: resolved (fixed in 8.1.2+dfsg-0.3)
sid: resolved (fixed in
CVE-2021-27922 | HIGH | CVSS 7.5 | fixed in pillow 8.1.2-1 (bookworm) | 2021
CVE-2021-27922 [HIGH]: pillow
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Scope: local
bookworm: resolved (fixed in 8.1.2-1)
bullseye: resolved (fixed in 8.1.2-1)
forky: resolved (fixed in 8.1.2-1)
sid:
CVE-2021-25293 | HIGH | CVSS 7.5 | fixed in pillow 8.1.1-1 (bookworm) | 2021
CVE-2021-25293 [HIGH]: pillow
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
Scope: local
bookworm: resolved (fixed in 8.1.1-1)
bullseye: resolved (fixed in 8.1.1-1)
forky: resolved (fixed in 8.1.1-1)
sid: resolved (fixed in 8.1.1-1)
trixie: resolved (fixed in 8.1.1-1)
CVE-2021-25290 | HIGH | CVSS 7.5 | fixed in pillow 8.1.1-1 (bookworm) | 2021
CVE-2021-25290 [HIGH]: pillow
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
Scope: local
bookworm: resolved (fixed in 8.1.1-1)
bullseye: resolved (fixed in 8.1.1-1)
forky: resolved (fixed in 8.1.1-1)
sid: resolved (fixed in 8.1.1-1)
trixie: resolved (fixed in 8.1.1-1)
CVE-2021-28676 | HIGH | CVSS 7.5 | fixed in pillow 8.1.2+dfsg-0.2 (bookworm) | 2021
CVE-2021-28676 [HIGH]: pillow
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
Scope: local
bookworm: resolved (fixed in 8.1.2+dfsg-0.2)
bullseye: resolved (fixed in 8.1.2+dfsg-0.2)
forky: resolved (fixed in 8.1.2+dfsg-0.2)
sid: resolved (fixed in 8.1.2+dfsg-0.2)
tri
CVE-2021-25289 | HIGH | CVSS 8.8 | fixed in pillow 8.1.1-1 (bookworm) | 2021
CVE-2021-25289 [HIGH]: pillow
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
Scope: local
bookworm: resolved (fixed in 8.1.1-1)
bullseye: resolved (fixed in 8.1.1-1)
forky: res
CVE-2021-27923 | HIGH | CVSS 7.5 | fixed in pillow 8.1.2-1 (bookworm) | 2021
CVE-2021-27923 [HIGH]: pillow
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Scope: local
bookworm: resolved (fixed in 8.1.2-1)
bullseye: resolved (fixed in 8.1.2-1)
forky: resolved (fixed in 8.1.2-1)
sid: r
CVE-2021-27921 | HIGH | CVSS 7.5 | fixed in pillow 8.1.2-1 (bookworm) | 2021
CVE-2021-27921 [HIGH]: pillow
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Scope: local
bookworm: resolved (fixed in 8.1.2-1)
bullseye: resolved (fixed in 8.1.2-1)
forky: resolved (fixed in 8.1.2-1)
sid: re