uploadcare, llc

Top products

The 15 most recently published vulnerabilities affecting uploadcare, llc.

• CVE-2026-40192Pillow is vulnerable to a FITS GZIP decompression bomb7.5Apr 15, 2026
• CVE-2025-48379Pillow Vulnerable to Write Buffer Overflow on BCn encoding7.1Jul 1, 2025
• CVE-2024-28219In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.6.7Apr 3, 2024
• CVE-2023-50447Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).8.1Jan 19, 2024
• CVE-2023-44271An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out ...7.5Nov 3, 2023
• CVE-2022-45199Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.7.5Nov 14, 2022
• CVE-2022-45198Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).7.5Nov 14, 2022
• CVE-2022-30595libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.9.8May 25, 2022
• CVE-2022-24303Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.9.1Mar 28, 2022
• CVE-2022-22817PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.9.8Jan 7, 2022
• CVE-2022-22816path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.6.5Jan 7, 2022
• CVE-2022-22815path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.6.5Jan 7, 2022
• CVE-2021-23437Regular Expression Denial of Service (ReDoS)7.5Sep 3, 2021
• CVE-2021-34552Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.9.8Jul 13, 2021
• CVE-2021-28677An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally...7.5Jun 2, 2021