path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-01-10
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-09-03
Page 2