pillow (pypi) security advisories

UNKNOWN

PyPI

CVE-2014-1932

Apr 17, 2014

UNKNOWN

PyPI

CVE-2022-45198

Nov 14, 2022

UNKNOWN

PyPI

CVE-2022-45199

Nov 14, 2022

UNKNOWN

PyPI

CVE-2023-44271

Nov 3, 2023

UNKNOWN

PyPI

CVE-2014-3589

Aug 25, 2014

UNKNOWN

PyPI

CVE-2016-3076

Apr 24, 2017

UNKNOWN

PyPI

CVE-2014-9601

Jan 16, 2015

UNKNOWN

PyPI

CVE-2014-3598

May 1, 2015

UNKNOWN

PyPI

CVE-2014-3007

Apr 27, 2014

MEDIUM 5.5

PyPI

CVE-2026-42308

Pillow has an integer overflow when processing fonts

May 4, 2026

MEDIUM 5.5

PyPI

CVE-2026-42308

May 9, 2026

MEDIUM 5.5

PyPI

CVE-2026-42310

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

May 4, 2026

UNKNOWN

PyPI

CVE-2026-42311

Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)

May 4, 2026

MEDIUM 5.5

PyPI

CVE-2026-42309

Pillow has a heap buffer overflow with nested list coordinates

May 4, 2026

HIGH 7.5

PyPI

CVE-2026-40192

FITS GZIP decompression bomb in Pillow

Apr 13, 2026

UNKNOWN

PyPI

CVE-2026-25990

Pillow affected by out-of-bounds write when loading PSD images

Feb 11, 2026

MEDIUM 6.5

PyPI

CVE-2016-2533

Pillow buffer overflow in ImagingPcdDecode

Jul 24, 2018

UNKNOWN

PyPI

CVE-2016-2533

Apr 13, 2016

HIGH 7.1

PyPI

CVE-2025-48379

Pillow vulnerability can cause write buffer overflow on BCn encoding

Jul 1, 2025

HIGH 8.8

crates.io KEV

CVE-2023-4863

libwebp: OOB write in BuildHuffmanTable

Sep 12, 2023

UNKNOWN

PyPI

PYSEC-2023-175

Sep 20, 2023

HIGH 8.1

PyPI

CVE-2023-50447

Arbitrary Code Execution in Pillow

Jan 19, 2024

MEDIUM 6.7

PyPI

CVE-2024-28219

Pillow buffer overflow vulnerability

Apr 3, 2024

HIGH 7.5

PyPI

CVE-2021-27921

Pillow Denial of Service by Uncontrolled Resource Consumption

Mar 18, 2021

HIGH 7.5

PyPI

CVE-2021-27923

Pillow Denial of Service by Uncontrolled Resource Consumption

Mar 18, 2021

HIGH 7.5

PyPI

CVE-2021-27922

Pillow Uncontrolled Resource Consumption

Mar 18, 2021

UNKNOWN

PyPI

CVE-2025-48379

Jul 1, 2025

UNKNOWN

PyPI

CVE-2020-10379

Jun 25, 2020

HIGH 7.8

PyPI

CVE-2020-10379

Buffer overflow in Pillow

Jul 27, 2020

UNKNOWN

PyPI

CVE-2020-10378

Jun 25, 2020

MEDIUM 5.5

PyPI

CVE-2020-10378

Out-of-bounds read in Pillow

Nov 3, 2021

UNKNOWN

PyPI

GHSA-56pw-mpj4-fxww

Duplicate Advisory: Bundled libwebp in Pillow vulnerable

Oct 5, 2023

MEDIUM 4.0

PyPI

CVE-2014-1933

Pillow Temporary file name leakage

May 18, 2020

UNKNOWN

PyPI

GHSA-4fx9-vc88-q2xc

Infinite loop in Pillow

Mar 11, 2022

HIGH 7.5

PyPI

GHSA-jgpv-4h4c-xhw3

Uncontrolled Resource Consumption in pillow

Apr 23, 2021

HIGH 7.5

PyPI

CVE-2014-3598

Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin

May 14, 2022

HIGH 7.5

PyPI

CVE-2022-30595

Buffer over-flow in Pillow

May 26, 2022

CRITICAL 9.8

PyPI

CVE-2022-30595

May 25, 2022

HIGH 7.5

PyPI

CVE-2021-28677

Uncontrolled Resource Consumption in Pillow

Jun 8, 2021

MEDIUM 5.5

PyPI

CVE-2021-28678

Insufficient Verification of Data Authenticity in Pillow

Jun 8, 2021

HIGH 7.5

PyPI

CVE-2023-44271

Pillow Denial of Service vulnerability

Nov 3, 2023

HIGH 7.5

PyPI

CVE-2022-45199

Pillow subject to DoS via SAMPLESPERPIXEL tag

Nov 14, 2022

CRITICAL 9.1

PyPI

CVE-2022-24303

Path traversal in Pillow

Mar 11, 2022

HIGH 8.8

PyPI

CVE-2020-35654

Pillow Out-of-bounds Write

Mar 18, 2021

HIGH 7.5

PyPI

CVE-2022-45198

Pillow vulnerable to Data Amplification attack.

Nov 14, 2022

MEDIUM 6.5

PyPI

CVE-2022-22816

Out-of-bounds Read in Pillow

Jan 12, 2022

MEDIUM 6.5

PyPI

CVE-2022-22815

Improper Initialization in Pillow

Jan 12, 2022

CRITICAL 9.8

PyPI

CVE-2022-22817

Arbitrary expression injection in Pillow

Jan 12, 2022

HIGH 7.5

PyPI

CVE-2021-28676

Potential infinite loop in Pillow

Jun 8, 2021

MEDIUM 5.5

PyPI

CVE-2020-10177

Out-of-bounds reads in Pillow

Jul 27, 2020

CRITICAL 9.1

PyPI

CVE-2021-25288

Pillow Out-of-bounds Read vulnerability

Jun 8, 2021

HIGH 7.5

PyPI

CVE-2021-25291

Out of bounds read in Pillow

Mar 29, 2021

MEDIUM 5.5

PyPI

CVE-2016-3076

Pillow Buffer overflow in Jpeg2KEncode.c

May 17, 2022

CRITICAL 9.1

PyPI

CVE-2021-25287

Out-of-bounds Read in Pillow

Jun 8, 2021

MEDIUM 6.5

PyPI

CVE-2021-25292

Regular Expression Denial of Service (ReDoS) in Pillow

Mar 29, 2021

HIGH 7.5

PyPI

CVE-2019-16865

DOS attack in Pillow when processing specially crafted image files

Oct 22, 2019

CRITICAL 9.8

PyPI

CVE-2014-3007

Pillow command injection

May 17, 2022

CRITICAL 9.8

PyPI

CVE-2021-34552

Buffer Overflow in Pillow

Oct 5, 2021

HIGH 7.5

PyPI

CVE-2021-23437

Uncontrolled Resource Consumption in pillow

Sep 7, 2021

HIGH 7.5

PyPI

CVE-2014-9601

Pillow denial of service via PNG bomb

May 14, 2022

MEDIUM 6.5

PyPI

CVE-2016-0775

Pillow Buffer overflow in ImagingFliDecode

Jul 24, 2018

HIGH 7.5

PyPI

CVE-2021-25293

Out of bounds read in Pillow

Mar 29, 2021

HIGH 7.7

PyPI

CVE-2014-1932

PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles

May 17, 2022

MEDIUM 5.5

PyPI

CVE-2021-28675

Pillow denial of service

Jun 8, 2021

HIGH 8.1

PyPI

CVE-2020-11538

Out-of-bounds read in Pillow

Jul 27, 2020

MEDIUM 5.5

PyPI

CVE-2020-10994

Out-of-bounds reads in Pillow

Jul 27, 2020

MEDIUM 6.5

PyPI

CVE-2016-0740

Pillow Buffer overflow in ImagingLibTiffDecode

Jul 24, 2018

CRITICAL 9.8

PyPI

CVE-2020-5312

PCX P mode buffer overflow in Pillow

Nov 3, 2021

HIGH 7.5

PyPI

CVE-2021-25290

Out-of-bounds Write in Pillow

Mar 29, 2021

HIGH 7.5

PyPI

CVE-2014-3589

Pillow denial of service via Crafted Block Size

May 14, 2022

MEDIUM 5.4

PyPI

CVE-2020-35655

Pillow Out-of-bounds Read

Mar 18, 2021

CRITICAL 9.8

PyPI

CVE-2020-5311

Buffer Copy without Checking Size of Input in Pillow

May 24, 2022

HIGH 7.5

PyPI

CVE-2019-19911

Uncontrolled Resource Consumption in Pillow

Apr 1, 2020

HIGH 8.8

PyPI

CVE-2020-5310

Integer overflow in Pillow

Nov 3, 2021

MEDIUM 5.5

PyPI

CVE-2016-9189

Pillow Integer overflow in Map.c

Jul 24, 2018

CRITICAL 9.8

PyPI

CVE-2021-25289

Out of bounds write in Pillow

Mar 29, 2021

HIGH 7.1

PyPI

CVE-2020-35653

Pillow Out-of-bounds Read

Mar 18, 2021

CRITICAL 9.8

PyPI

CVE-2016-4009

Pillow Integer overflow in ImagingResampleHorizontal

Jul 24, 2018

HIGH 7.1

PyPI

CVE-2020-5313

Out-of-bounds Read in Pillow

Apr 1, 2020

HIGH 7.8

PyPI

CVE-2016-9190

Arbitrary code using "crafted image file" approach affecting Pillow

Jul 12, 2018

UNKNOWN

PyPI

CVE-2022-24303

Mar 28, 2022

UNKNOWN

PyPI

CVE-2022-22817

Jan 10, 2022

UNKNOWN

PyPI

CVE-2022-22816

Jan 10, 2022

UNKNOWN

PyPI

CVE-2022-22815

Jan 10, 2022

UNKNOWN

PyPI

CVE-2021-34552

Jul 13, 2021

UNKNOWN

PyPI

CVE-2021-28678

Jun 2, 2021

UNKNOWN

PyPI

CVE-2021-28677

Jun 2, 2021

UNKNOWN

PyPI

CVE-2021-28676

Jun 2, 2021

UNKNOWN

PyPI

CVE-2021-28675

Jun 2, 2021

UNKNOWN

PyPI

CVE-2021-27923

Mar 3, 2021

UNKNOWN

PyPI

CVE-2021-27922

Mar 3, 2021

UNKNOWN

PyPI

CVE-2021-27921

Mar 3, 2021

UNKNOWN

PyPI

CVE-2021-25293

Mar 19, 2021

UNKNOWN

PyPI

CVE-2021-25292

Mar 19, 2021

UNKNOWN

PyPI

CVE-2021-25291

Mar 19, 2021

UNKNOWN

PyPI

CVE-2021-25290

Mar 19, 2021

UNKNOWN

PyPI

CVE-2021-25289

Mar 19, 2021

UNKNOWN

PyPI

CVE-2021-25288

Jun 2, 2021

UNKNOWN

PyPI

CVE-2021-25287

Jun 2, 2021

UNKNOWN

PyPI

CVE-2021-23437

Sep 3, 2021

pillow

Vulnerabilities

CVE-2014-1932

CVE-2022-45198

CVE-2022-45199

CVE-2023-44271

CVE-2014-3589

CVE-2016-3076

CVE-2014-9601

CVE-2014-3598

CVE-2014-3007

Pillow has an integer overflow when processing fonts

CVE-2026-42308

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)

Pillow has a heap buffer overflow with nested list coordinates

FITS GZIP decompression bomb in Pillow

Pillow affected by out-of-bounds write when loading PSD images

Pillow buffer overflow in ImagingPcdDecode

CVE-2016-2533

Pillow vulnerability can cause write buffer overflow on BCn encoding

libwebp: OOB write in BuildHuffmanTable

PYSEC-2023-175

Arbitrary Code Execution in Pillow

Pillow buffer overflow vulnerability

Pillow Denial of Service by Uncontrolled Resource Consumption

Pillow Denial of Service by Uncontrolled Resource Consumption

Pillow Uncontrolled Resource Consumption

CVE-2025-48379

CVE-2020-10379

Buffer overflow in Pillow

CVE-2020-10378

Out-of-bounds read in Pillow

Duplicate Advisory: Bundled libwebp in Pillow vulnerable

Pillow Temporary file name leakage

Infinite loop in Pillow

Uncontrolled Resource Consumption in pillow

Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin

Buffer over-flow in Pillow

CVE-2022-30595

Uncontrolled Resource Consumption in Pillow

Insufficient Verification of Data Authenticity in Pillow

Pillow Denial of Service vulnerability

Pillow subject to DoS via SAMPLESPERPIXEL tag

Path traversal in Pillow

Pillow Out-of-bounds Write

Pillow vulnerable to Data Amplification attack.

Out-of-bounds Read in Pillow

Improper Initialization in Pillow

Arbitrary expression injection in Pillow

Potential infinite loop in Pillow

Out-of-bounds reads in Pillow

Pillow Out-of-bounds Read vulnerability

Out of bounds read in Pillow

Pillow Buffer overflow in Jpeg2KEncode.c

Out-of-bounds Read in Pillow

Regular Expression Denial of Service (ReDoS) in Pillow

DOS attack in Pillow when processing specially crafted image files

Pillow command injection

Buffer Overflow in Pillow

Uncontrolled Resource Consumption in pillow

Pillow denial of service via PNG bomb

Pillow Buffer overflow in ImagingFliDecode

Out of bounds read in Pillow

PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles

Pillow denial of service

Out-of-bounds read in Pillow

Out-of-bounds reads in Pillow

Pillow Buffer overflow in ImagingLibTiffDecode

PCX P mode buffer overflow in Pillow

Out-of-bounds Write in Pillow

Pillow denial of service via Crafted Block Size

Pillow Out-of-bounds Read

Buffer Copy without Checking Size of Input in Pillow

Uncontrolled Resource Consumption in Pillow

Integer overflow in Pillow

Pillow Integer overflow in Map.c

Out of bounds write in Pillow

Pillow Out-of-bounds Read

Pillow Integer overflow in ImagingResampleHorizontal