cvebase

Python Pillow vulnerabilities

62 known vulnerabilities affecting python/pillow.

Total CVEs: 62
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 11, HIGH 27, MEDIUM 23, LOW 1

Vulnerabilities

Page 1 of 4

CVE-2023-4863 | P1 | HIGH | KEV | PoC | ≥ 0, < 10.0.1 | 2023-09-12
  CWE-787. libwebp: OOB write in BuildHuffmanTable. Heap buffer overflow in libwebp allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
  Sources: GHSA, OSV

CVE-2014-3007 | P3 | CRITICAL | CVSS 10.0 | v2.3.0 | 2014-04-27
  Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
  Sources: GHSA, NVD, OSV

CVE-2022-22817 | P3 | CRITICAL | CVSS 9.8 | fixed in 9.0.1 | 2022-01-10
  PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
  Sources: GHSA, NVD, OSV

CVE-2021-34552 | P3 | CRITICAL | CVSS 9.8 | ≥ 1.0, ≤ 1.1.7; ≥ 1.2, ≤ 8.2.0 | 2021-07-13
  CWE-120. Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
  Sources: GHSA, NVD, OSV

CVE-2016-4009 | P3 | CRITICAL | CVSS 9.8 | ≤ 3.1.0 | 2016-04-13
  CWE-119. Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
  Sources: GHSA, NVD, OSV

CVE-2020-5312 | P3 | CRITICAL | CVSS 9.8 | fixed in 6.2.2 | 2020-01-03
  CWE-120. libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
  Sources: GHSA, NVD, OSV

CVE-2023-50447 | P3 | HIGH | CVSS 8.1 | ≤ 10.1.0 | 2024-01-19
  Pillow through 10.1.0 allows PIL.ImageMath.eval arbitrary code execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
  Sources: GHSA, NVD, OSV

CVE-2022-30595 | P3 | CRITICAL | CVSS 9.8 | v9.1.0 | 2022-05-25
  CWE-787. libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
  Sources: GHSA, NVD, OSV

CVE-2020-5311 | P3 | CRITICAL | CVSS 9.8 | fixed in 6.2.2 | 2020-01-03
  CWE-120. libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
  Sources: GHSA, NVD, OSV

CVE-2022-24303 | P3 | CRITICAL | CVSS 9.1 | fixed in 9.0.1 | 2022-03-28
  Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
  Sources: GHSA, NVD, OSV

CVE-2021-25289 | P3 | CRITICAL | CVSS 9.8 | fixed in 8.1.1 | 2021-03-19
  An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
  Sources: GHSA, NVD, OSV

CVE-2020-35654 | P3 | HIGH | CVSS 8.8 | fixed in 8.1.0 | 2021-01-12
  CWE-787. In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
  Sources: GHSA, NVD, OSV

CVE-2021-25287 | P3 | CRITICAL | CVSS 9.1 | fixed in 8.2.0 | 2021-06-02
  CWE-125. An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
  Sources: GHSA, NVD, OSV

CVE-2026-25990 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0, < 12.1.1 | 2026-02-11
  CWE-787. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
  Sources: GHSA, NVD, OSV

CVE-2021-25288 | P3 | CRITICAL | CVSS 9.1 | fixed in 8.2.0 | 2021-06-02
  CWE-125. An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
  Sources: GHSA, NVD, OSV

CVE-2026-40192 | P3 | HIGH | CVSS 7.5 | ≥ 10.3.0, < 12.2.0 | 2026-04-15
  CWE-400. Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If
  Sources: GHSA, NVD

CVE-2020-11538 | P3 | HIGH | CVSS 8.1 | ≤ 7.0.0 | 2020-06-25
  CWE-125. In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
  Sources: GHSA, NVD, OSV

CVE-2023-5129 | HIGH | CVSS 8.8 | Exploited | ≥ 0, < 10.0.1 | 2023-10-05
  Duplicate advisory: bundled libwebp in Pillow vulnerable. This advisory has been withdrawn because it is a duplicate of GHSA-56pw-mpj4-fxww. This link is maintained to preserve external references. Original description: Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp bi
  Sources: GHSA, OSV

CVE-2026-42311 | P3 | HIGH | CVSS 7.8 | ≥ 10.3.0, < 12.2.0 | 2026-05-09
  CWE-190. Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.
  Sources: GHSA, NVD

CVE-2020-5310 | P3 | HIGH | CVSS 8.8 | fixed in 6.2.2 | 2020-01-03
  CWE-190. libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
  Sources: GHSA, NVD, OSV