| Release | Version |
|---|---|
| jessie | 2.6.1-2+deb8u3 |
| jessie (security) | 2.6.1-2+deb8u4 |
| stretch | 4.0.0-4 |
| buster | 5.4.1-2 |
| bullseye | 6.2.1-2 |
| sid | 7.0.0-3 |
| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2020-5313 | fixed | vulnerable | vulnerable | vulnerable | fixed | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ... |
| CVE-2020-5312 | fixed | vulnerable | vulnerable | vulnerable | fixed | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ... |
| CVE-2020-5311 | fixed | vulnerable | vulnerable | vulnerable | fixed | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ... |
| CVE-2020-5310 | fixed | vulnerable | vulnerable | vulnerable | fixed | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ... |
| CVE-2019-19911 | fixed | vulnerable | vulnerable | vulnerable | fixed | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ... |
| CVE-2019-16865 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Pillow before 6.2.0. When reading specially ... |
| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2016-3076 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Heap-based buffer overflow in the j2k_encode_entry function in Pillow ... |
| Bug | Description |
|---|---|
| CVE-2016-9190 | Pillow before 3.3.2 allows context-dependent attackers to execute arbi ... |
| CVE-2016-9189 | Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ... |
| CVE-2016-4009 | Integer overflow in the ImagingResampleHorizontal function in libImagi ... |
| CVE-2016-2533 | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pil ... |
| CVE-2016-0775 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDeco ... |
| CVE-2016-0740 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/Tif ... |
| CVE-2014-9601 | Pillow before 2.7.0 allows remote attackers to cause a denial of servi ... |
| CVE-2014-3598 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote atta ... |
| CVE-2014-3589 | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow befo ... |
| CVE-2014-3007 | Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allo ... |
| CVE-2014-1933 | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python ... |
| CVE-2014-1932 | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript fun ... |
| DSA / DLA | Description |
|---|---|
| DLA-2057-1 | pillow - security update |
| DSA-3710-1 | pillow - security update |
| DSA-3499-1 | pillow - security update |