Information on source package pillow

Available versions

Release	Version
stretch	4.0.0-4+deb9u1
stretch (security)	4.0.0-4+deb9u2
buster	5.4.1-2+deb10u2
buster (security)	5.4.1-2+deb10u1
bullseye	8.1.0-1
sid	8.1.0-1

Open issues

Bug	stretch	buster	bullseye	sid	Description
CVE-2020-35655	vulnerable	vulnerable	fixed	fixed	In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...
CVE-2020-35654	vulnerable	vulnerable	fixed	fixed	In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...
CVE-2020-35653	vulnerable	vulnerable	fixed	fixed	In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...
CVE-2019-16865	vulnerable (no DSA, ignored)	fixed	fixed	fixed	An issue was discovered in Pillow before 6.2.0. When reading specially ...

Open unimportant issues

Bug	stretch	buster	bullseye	sid	Description
CVE-2020-10994	vulnerable	vulnerable	fixed	fixed	In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...

Resolved issues

Bug	Description
CVE-2020-5313	libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...
CVE-2020-5312	libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ...
CVE-2020-5311	libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...
CVE-2020-5310	libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...
CVE-2020-11538	In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...
CVE-2020-10379	In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...
CVE-2020-10378	In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...
CVE-2020-10177	Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...
CVE-2019-19911	There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ...
CVE-2016-9190	Pillow before 3.3.2 allows context-dependent attackers to execute arbi ...
CVE-2016-9189	Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ...
CVE-2016-4009	Integer overflow in the ImagingResampleHorizontal function in libImagi ...
CVE-2016-3076	Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...
CVE-2016-2533	Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pil ...
CVE-2016-0775	Buffer overflow in the ImagingFliDecode function in libImaging/FliDeco ...
CVE-2016-0740	Buffer overflow in the ImagingLibTiffDecode function in libImaging/Tif ...
CVE-2014-9601	Pillow before 2.7.0 allows remote attackers to cause a denial of servi ...
CVE-2014-3598	The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote atta ...
CVE-2014-3589	PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow befo ...
CVE-2014-3007	Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allo ...
CVE-2014-1933	The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python ...
CVE-2014-1932	The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript fun ...

Security announcements

DSA / DLA	Description
DLA-2317-1	pillow - security update
DSA-4631-1	pillow - security update
DLA-2057-1	pillow - security update
DSA-3710-1	pillow - security update
DSA-3499-1	pillow - security update