Pillow (Python) Security Vulnerabilities
Pillow is a Python imaging library. In versions 11.2.0 up to but not including 11.3.0, there is a heap buffer overflow when writing a sufficiently large image (more than 64k when encoded with the default settings) in the DDS format, because the encoder writes into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
CVSS Score: 7.1 | EPSS Score: 0.0 | Published: 2025-07-01

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because the unbounded strcpy is used instead of a length-limited copy such as strncpy.
CVSS Score: 6.7 | EPSS Score: 0.003 | Published: 2024-04-03

Pillow through 10.1.0 allows arbitrary code execution through PIL.ImageMath.eval via the environment parameter. This is a different vulnerability from CVE-2022-22817, which concerned the expression parameter.
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2024-01-19

An issue was discovered in Pillow before 10.0.0: a denial of service in which memory is allocated without bound while processing a given task, potentially crashing the service by exhausting its memory. It occurs for TrueType fonts in ImageFont when textlength on an ImageDraw instance is called with a long text argument.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-11-03

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification): a small input decompresses to a disproportionately large amount of data.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-11-14

Pillow before 9.3.0 allows denial of service via an oversized SAMPLESPERPIXEL value in a TIFF image.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-11-14

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow when processing invalid TGA image files.
CVSS Score: 9.8 | EPSS Score: 0.036 | Published: 2022-05-25

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2022-03-28

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that call the Python exec function; a lambda expression could also be used. This is CVE-2022-22817, the expression-parameter issue referenced in the environment-parameter entry above.
CVSS Score: 9.8 | EPSS Score: 0.034 | Published: 2022-01-10

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2022-01-10

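The practical question a reader of this list has is which of these entries apply to the Pillow version pinned in a given project. The following is an added example, not Shodan's or Pillow's code, that encodes the affected ranges exactly as the advisory text above words them ("before X" as less than X, "through X" as less than or equal to X, "in 9.1.0" as that release only, "11.2.0 to before 11.3.0" as a half-open interval) and reports the matching entries for a pinned release. The one-line summaries are paraphrased labels for the entries on this page, and pre-release version tags are assumed not to occur in a pin.

```python
"""Check a pinned Pillow version against the advisories summarised on this page.

Added example, not Shodan's or Pillow's code. The ranges are transcribed from
the advisory text on this page; they are not an authoritative vulnerability feed.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'9.1' -> (9, 1, 0); rejects anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


@dataclass(frozen=True)
class Advisory:
    summary: str
    cvss: float
    affected: Callable[[Version], bool]


def before(fixed: str) -> Callable[[Version], bool]:
    """'Pillow before X': every release strictly older than X."""
    fixed_v = parse_version(fixed)
    return lambda v: v < fixed_v


def between(introduced: str, fixed: str) -> Callable[[Version], bool]:
    """'versions X to before Y': X inclusive, Y exclusive."""
    lo, hi = parse_version(introduced), parse_version(fixed)
    return lambda v: lo <= v < hi


def through(last: str) -> Callable[[Version], bool]:
    """'Pillow through X': X itself is still affected."""
    last_v = parse_version(last)
    return lambda v: v <= last_v


def exactly(release: str) -> Callable[[Version], bool]:
    """'in Pillow X': only that release."""
    only = parse_version(release)
    return lambda v: v == only


# Transcribed from the entries on this page (summaries paraphrased).
ADVISORIES: List[Advisory] = [
    Advisory("DDS heap buffer overflow when saving large images", 7.1, between("11.2.0", "11.3.0")),
    Advisory("_imagingcms.c strcpy buffer overflow", 6.7, before("10.3.0")),
    Advisory("ImageMath.eval code execution via environment parameter", 8.1, through("10.1.0")),
    Advisory("ImageFont TrueType textlength memory exhaustion", 7.5, before("10.0.0")),
    Advisory("GIF data amplification", 7.5, before("9.2.0")),
    Advisory("TIFF SAMPLESPERPIXEL denial of service", 7.5, before("9.3.0")),
    Advisory("TgaRleDecode.c heap buffer overflow", 9.8, exactly("9.1.0")),
    Advisory("file deletion via spaces in temporary pathnames", 9.1, before("9.0.1")),
    Advisory("ImageMath.eval arbitrary expression evaluation", 9.8, before("9.0.0")),
    Advisory("path_getbbox uninitialised ImagePath.Path", 6.5, before("9.0.0")),
]


def affected_advisories(version: str) -> List[Advisory]:
    """Advisories whose range includes `version`, highest CVSS first."""
    v = parse_version(version)
    hits = [a for a in ADVISORIES if a.affected(v)]
    return sorted(hits, key=lambda a: a.cvss, reverse=True)


def max_cvss(version: str) -> float:
    """Worst CVSS score among the matching advisories, 0.0 if none match."""
    hits = affected_advisories(version)
    return hits[0].cvss if hits else 0.0


if __name__ == "__main__":
    for pinned in ("8.4.0", "9.1.0", "10.2.0", "11.2.1", "11.3.0"):
        hits = affected_advisories(pinned)
        print(f"Pillow=={pinned}: {len(hits)} matching advisories, max CVSS {max_cvss(pinned)}")
        for a in hits:
            print(f"  {a.cvss:>4}  {a.summary}")
```

Because the list tops out at the 11.3.0 fix, a pin at or above 11.3.0 matches nothing here; that says only that none of these ten entries apply, not that the release is free of issues published elsewhere.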


Shodan ® - All rights reserved