View all vulnerabilities

CVE-2024-28219

Pillow buffer overflow vulnerability

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
6.6
Score Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Versions
pillow < 10.3.0
Severity
Medium
Ecosystem
Python
Publish Date
April 2, 2024
Modified Date
November 21, 2024