Hugo van Kemenade

5 exploits Active since Jun 2020
CVE-2026-42310 WRITEUP MEDIUM WRITEUP
Pillow: PDF Parsing Trailer Infinite Loop (DoS)
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.
CVSS 5.5
CVE-2020-10379 WRITEUP HIGH WRITEUP
Pillow < 7.1.0 - Buffer Overflow in libImaging/TiffDecode.c
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
CVSS 7.8
CVE-2026-40192 WRITEUP HIGH WRITEUP
Pillow is vulnerable to a FITS GZIP decompression bomb
Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround.
CVSS 7.5
CVE-2021-23437 WRITEUP HIGH WRITEUP
Pillow 5.2.0-8.3.1 - Regular Expression Denial of Service via getrgb Function
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
CVSS 7.5
CVE-2022-45199 WRITEUP HIGH WRITEUP
Pillow < 9.3.0 - Denial of Service via SAMPLESPERPIXEL
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
CVSS 7.5