Andrew Murray

9 exploits Active since Jan 2020
CVE-2020-5310 HIGH WRITEUP
Python Pillow < 6.2.2 - Integer Overflow
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
CVSS 8.8
CVE-2020-5311 CRITICAL WRITEUP
Python Pillow < 6.2.2 - Buffer Overflow
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
CVSS 9.8
CVE-2020-5312 CRITICAL WRITEUP
Python Pillow < 6.2.2 - Buffer Overflow
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
CVSS 9.8
CVE-2020-5313 HIGH WRITEUP
Python Pillow < 6.2.2 - Out-of-Bounds Read
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
CVSS 7.1
CVE-2022-45198 HIGH WRITEUP
Pillow < 9.2.0 - Info Disclosure
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
CVSS 7.5
CVE-2022-45199 HIGH WRITEUP
Python Pillow < 9.3.0 - Denial of Service
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
CVSS 7.5
CVE-2023-44271 HIGH WRITEUP
Python Pillow < 10.0.0 - Resource Allocation Without Limits
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
CVSS 7.5
CVE-2025-48379 HIGH WRITEUP
Pillow < 11.3.0 - Buffer Overflow
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
CVSS 7.1
CVE-2026-25990 HIGH WRITEUP
Python Pillow < 12.1.1 - Out-of-Bounds Write
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
CVSS 7.5