All vulnerabilities

CVE-2024-28219

Pillow buffer overflow vulnerability

Description

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Fix without upgrading
Score
6.7
Severity
Medium
Ecosystem
Python
Publish Date
April 2, 2024
Modified Date
February 3, 2026
Score Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Versions