Fluid Attacks Database

Description

Pillow buffer overflow vulnerability In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	pillow	>=0 <10.3.0-1	10.3.0-1
debian 11	pillow	=8.1.2+dfsg-0.3 \|\| =8.1.2+dfsg-0.3+deb11u1 \|\| >=0 <8.1.2+dfsg-0.3+deb11u2	8.1.2+dfsg-0.3+deb11u2
debian 12	pillow	=9.4.0-1.1 \|\| >=0 <9.4.0-1.1+deb12u1	9.4.0-1.1+deb12u1
debian 13	pillow	>=0 <10.3.0-1	10.3.0-1
pypi	pillow	>=0 <10.3.0	10.3.0
rpm rhel8	python-pillow	<0:5.1.1-21.el8_10	0:5.1.1-21.el8_10
rpm rhel7	python-pillow	-	-

Aliases

References

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.