Search CVE reports



1 – 10 of 38 results


CVE-2024-28219

Medium priority
Fixed

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

2 affected packages

pillow, pillow-python2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Fixed Fixed Fixed Fixed Fixed
pillow-python2 Not in release Not in release Fixed

CVE-2023-50447

Medium priority

Some fixes available 4 of 9

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

2 affected packages

pillow, pillow-python2

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
pillow | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation
pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release

CVE-2023-44271

Low priority

Some fixes available 2 of 7

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs...

2 affected packages

pillow, pillow-python2

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
pillow | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation
pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release

CVE-2022-45199

Low priority
Not affected

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

2 affected packages

pillow, pillow-python2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Not affected Not affected
pillow-python2 Not in release Not affected Not in release Not in release

CVE-2022-45198

Low priority
Fixed

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

2 affected packages

pillow, pillow-python2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Fixed Fixed Not affected Not affected
pillow-python2 Not in release Fixed Not in release Not in release

CVE-2022-30595

Medium priority
Not affected

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

2 affected packages

pillow, pillow-python2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pillow Not affected Not affected Not affected Not affected
pillow-python2 Not in release Not affected Not in release Not in release

CVE-2022-24303

Low priority

Some fixes available 2 of 3

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

2 affected packages

pillow, pillow-python2

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
pillow | Not affected | Not affected | Fixed | Not affected | Not affected
pillow-python2 | Not in release | Not in release | Fixed | Not in release | Not in release

CVE-2022-22817

Medium priority

Some fixes available 4 of 7

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

3 affected packages

pillow, pillow-python2, python-imaging

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
pillow | Not affected | Not affected | Fixed | Fixed | Vulnerable
pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release
python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release

CVE-2022-22816

Low priority

Some fixes available 11 of 12

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

3 affected packages

pillow, pillow-python2, python-imaging

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
pillow | Fixed | Fixed | Fixed | Fixed | Fixed
pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release
python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release

CVE-2022-22815

Medium priority

Some fixes available 11 of 12

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

3 affected packages

pillow, pillow-python2, python-imaging

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
pillow | Fixed | Fixed | Fixed | Fixed | Fixed
pillow-python2 | Not in release | Not in release | Needs evaluation | Not in release | Not in release
python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release