Vulnerability	Vulnerable Version
H Buffer Overflow Affected versions of this package are vulnerable to Buffer Overflow via the `strcpy` function in `_imagingcms.c`, due to two calls that were able to copy too much data into fixed length strings. How to fix Buffer Overflow? Upgrade `pillow` to version 10.3.0 or higher.	[,10.3.0)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into `PIL.ImageFont.ImageFont.getmask()` is over a certain limit. This can lead to a system crash. How to fix Denial of Service (DoS)? Upgrade `pillow` to version 10.2.0 or higher.	[,10.2.0)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) if the size of individual glyphs extends beyond the bitmap image, when using `PIL.ImageFont.ImageFont` function. Exploiting this vulnerability could lead to a system crash. How to fix Denial of Service (DoS)? Upgrade `pillow` to version 10.2.0 or higher.	[,10.2.0)
H Eval Injection Affected versions of this package are vulnerable to Eval Injection via the `PIL.ImageMath.eval` function when an attacker has control over the keys passed to the `environment` argument. How to fix Eval Injection? Upgrade `pillow` to version 10.2.0 or higher.	[,10.2.0)

Go back to all versions of this package