Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS00NHdtLWYyNDQteGhwM84AA6j6

High CVSS: 7.3 EPSS: 0.0017% (0.38688 Percentile) EPSS:
Permalink JSON

Pillow buffer overflow vulnerability

Affected Packages Affected Versions Fixed Versions
pypi:pillow
PURL: pkg:pypi/pillow
< 10.3.0 10.3.0
4,378 Dependent packages
88,899 Dependent repositories
184,725,642 Downloads last month

Affected Version Ranges

All affected versions

1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 2.0.0, 2.1.0, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.8.0, 2.8.1, 2.8.2, 2.9.0, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 4.0.0, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 7.0.0, 7.1.0, 7.1.1, 7.1.2, 7.2.0, 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.1.2, 8.2.0, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0

All unaffected versions

10.3.0, 10.4.0, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

References:

Identifiers

GHSA-44wm-f244-xhp3

CVE-2024-28219

Risk

Severity

High

CVSS

CVSS Score: 7.3

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.0017

EPSS Percentile: 0.38688

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/python-pillow/Pillow

Date and time

Published

over 1 year ago

Updated

10 months ago

API

JSON