PT-2024-4250 · Pypi+10 · Pillow+10

Published 2024-04-01 · Updated 2025-10-15 · CVE-2024-28219

CVSS v4.0: 7.3 (High)

Vector: AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 10.3.0

Description: A buffer overflow exists in the imagingcms.c file of the Pillow library due to the use of strcpy instead of strncpy. This issue can allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Pillow versions prior to 10.3.0, update to version 10.3.0 or later to resolve the issue.

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2024:4227
ALT-PU-2024-6710
BDU:2024-04737
BIT-PILLOW-2024-28219
CESA-2024_4227
CVE-2024-28219
DLA-3786-1
DSA-5704-1
GHSA-44WM-F244-XHP3
INFSA-2024_4227
MGASA-2024-0133
OESA-2024-1451
OPENSUSE-SU-2024:13827-1
OPENSUSE-SU-2024_1154-1
RHSA-2024:3781
RHSA-2024:4227
RHSA-2024:5662
RHSA-2024_4227
RLSA-2024:4227
SUSE-SU-2024:1154-1
SUSE-SU-2024:1258-1
SUSE-SU-2024:1267-1
SUSE-SU-2024:1268-1
SUSE-SU-2024_1258-1
USN-6744-1
USN-6744-2
USN-6744-3

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Pillow
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu