Information on source package pillow

Available versions

| Release | Version |
|---|---|
| stretch | 4.0.0-4+deb9u1 |
| buster | 5.4.1-2+deb10u2 |
| buster (security) | 5.4.1-2+deb10u1 |
| bullseye | 7.2.0-1 |
| sid | 7.2.0-1 |

Open issues

| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-11538 | vulnerable | fixed | fixed | fixed | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ... |
| CVE-2020-10177 | vulnerable | fixed | fixed | fixed | Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ... |
| CVE-2019-16865 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | An issue was discovered in Pillow before 6.2.0. When reading specially ... |

Open unimportant issues

| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-10994 | vulnerable | vulnerable | fixed | fixed | In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2020-5313 | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ... |
| CVE-2020-5312 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ... |
| CVE-2020-5311 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ... |
| CVE-2020-5310 | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ... |
| CVE-2020-10379 | In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ... |
| CVE-2020-10378 | In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ... |
| CVE-2019-19911 | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ... |
| CVE-2016-9190 | Pillow before 3.3.2 allows context-dependent attackers to execute arbi ... |
| CVE-2016-9189 | Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ... |
| CVE-2016-4009 | Integer overflow in the ImagingResampleHorizontal function in libImagi ... |
| CVE-2016-3076 | Heap-based buffer overflow in the j2k_encode_entry function in Pillow ... |
| CVE-2016-2533 | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pil ... |
| CVE-2016-0775 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDeco ... |
| CVE-2016-0740 | Buffer overflow in the ImagingLibTiffDecode function in libImaging/Tif ... |
| CVE-2014-9601 | Pillow before 2.7.0 allows remote attackers to cause a denial of servi ... |
| CVE-2014-3598 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote atta ... |
| CVE-2014-3589 | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow befo ... |
| CVE-2014-3007 | Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allo ... |
| CVE-2014-1933 | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python ... |
| CVE-2014-1932 | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript fun ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-4631-1 | pillow - security update |
| DLA-2057-1 | pillow - security update |
| DSA-3710-1 | pillow - security update |
| DSA-3499-1 | pillow - security update |
