
Python Pillow vulnerabilities

62 known vulnerabilities affecting python/pillow.

Total CVEs: 62
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 11, HIGH 27, MEDIUM 23, LOW 1

Vulnerabilities

Page 3 of 4
CVE-2022-22815 | P4 | MEDIUM | CVSS 6.5 | fixed in 9.0.0 | 2022-01-10
[MEDIUM] CWE-665: path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
CVE-2024-28219 | P4 | MEDIUM | CVSS 5.9 | fixed in 10.3.0 | 2024-04-03
[MEDIUM] CWE-680: In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
CVE-2016-2533 | P4 | MEDIUM | CVSS 6.5 | ≤ 3.1.0 | 2016-04-13
[MEDIUM] CWE-119: Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
CVE-2021-25292 | P4 | MEDIUM | CVSS 6.5 | fixed in 8.1.1 | 2021-03-19
[MEDIUM] CWE-1333: An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
CVE-2016-0775 | P4 | MEDIUM | CVSS 6.5 | ≤ 3.1.0 | 2016-04-13
[MEDIUM] CWE-119: Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
CVE-2020-35655 | P4 | MEDIUM | CVSS 5.4 | ≥ 4.3.0, < 8.1.0 | 2021-01-12
[MEDIUM] CWE-125: In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
CVE-2025-48379 | P4 | MEDIUM | CVSS 5.5 | v11.2.1 | 2025-07-01
[MEDIUM] CWE-122: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issu
CVE-2014-9601 | P4 | MEDIUM | CVSS 5.0 | ≤ 2.6.2 | 2015-01-16
[MEDIUM] CWE-20: Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
CVE-2016-3076 | P4 | MEDIUM | CVSS 5.5 | v2.5.0, v2.5.1, +12 more | 2017-04-24
[MEDIUM] CWE-119: Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
CVE-2016-9189 | P4 | MEDIUM | CVSS 5.5 | ≤ 3.3.1 | 2016-11-04
[MEDIUM] CWE-190: Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
CVE-2014-3598 | P4 | MEDIUM | CVSS 5.0 | ≤ 2.5.2 | 2015-05-01
[MEDIUM] CWE-399: The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
CVE-2026-42309 | P4 | MEDIUM | CVSS 5.5 | ≥ 11.2.1, < 12.2.0 | 2026-05-09
[MEDIUM] CWE-122: Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate li
CVE-2014-3589 | P4 | MEDIUM | CVSS 5.0 | ≤ 2.3.1, v2.3.0, +3 more | 2014-08-25
[MEDIUM] CWE-20: PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
CVE-2020-10177 | P4 | MEDIUM | CVSS 5.5 | fixed in 7.1.0 | 2020-06-25
[MEDIUM] CWE-125: Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
CVE-2026-42310 | P4 | MEDIUM | CVSS 5.5 | ≥ 4.2.0, < 12.2.0 | 2026-05-09
[MEDIUM] CWE-835: Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.
CVE-2020-10378 | P4 | MEDIUM | CVSS 5.5 | fixed in 7.1.0 | 2020-06-25
[MEDIUM] CWE-125: In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
CVE-2026-42308 | P4 | MEDIUM | CVSS 5.5 | fixed in 12.2.0 | 2026-05-09
[MEDIUM] CWE-190: Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, the running position that Pillow keeps track of may overflow an integer. This issue has been patched in version 12.2.0.
CVE-2020-10994 | P4 | MEDIUM | CVSS 5.5 | fixed in 7.1.0 | 2020-06-25
[MEDIUM] CWE-125: In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
CVE-2021-28675 | P4 | MEDIUM | CVSS 5.5 | fixed in 8.2.0 | 2021-06-02
[MEDIUM] CWE-252: An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
CVE-2021-28678 | P4 | MEDIUM | CVSS 5.5 | fixed in 8.2.0 | 2021-06-02
[MEDIUM] CWE-345: An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.