{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-28219", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-20T19:27:26.783Z", "dateReserved": "2024-03-07T00:00:00", "datePublished": "2024-04-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-10T22:05:51.052095"}, "descriptions": [{"lang": "en", "value": "In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security"}, {"name": "FEDORA-2024-e4b1b4eab1", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/"}, {"name": "[debian-lts-announce] 20240410 [SECURITY] [DLA 3786-1] pillow security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.828Z"}, "title": "CVE Program Container", "references": [{"url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security", "tags": ["x_transferred"]}, {"name": "FEDORA-2024-e4b1b4eab1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/"}, {"name": "[debian-lts-announce] 20240410 [SECURITY] [DLA 3786-1] pillow security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-680", "lang": "en", "description": "CWE-680 Integer Overflow to Buffer Overflow"}]}], "affected": [{"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "39", "status": "affected"}]}, {"vendor": "python", "product": "pillow", "cpes": ["cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "10.3.0", "versionType": "custom"}]}, {"vendor": "debian", "product": "debian_linux", "cpes": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-03T18:09:55.017027Z", "id": "CVE-2024-28219", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T19:27:26.783Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/", "name": "FEDORA-2024-e4b1b4eab1", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html", "name": "[debian-lts-announce] 20240410 [SECURITY] [DLA 3786-1] pillow security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.828Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28219", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-03T18:09:55.017027Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "39"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*"], "vendor": "python", "product": "pillow", "versions": [{"status": "affected", "version": "0", "lessThan": "10.3.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"], "vendor": "debian", "product": "debian_linux", "versions": [{"status": "affected", "version": "10.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-680", "description": "CWE-680 Integer Overflow to Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T19:25:05.146Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/", "name": "FEDORA-2024-e4b1b4eab1", "tags": ["vendor-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html", "name": "[debian-lts-announce] 20240410 [SECURITY] [DLA 3786-1] pillow security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-10T22:05:51.052095"}}}, "cveMetadata": {"cveId": "CVE-2024-28219", "state": "PUBLISHED", "dateUpdated": "2024-08-20T19:27:26.783Z", "dateReserved": "2024-03-07T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-03T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*", "matchCriteriaId": "46F24DFD-7DF3-475C-8824-AA2585F09A7E", "versionEndExcluding": "10.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy."}, {"lang": "es", "value": "En _imagingcms.c en Pillow anterior a 10.3.0, existe un desbordamiento del b\u00fafer porque se usa strcpy en lugar de strncpy."}], "id": "CVE-2024-28219", "lastModified": "2025-10-15T15:20:23.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-03T03:15:09.710", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-680"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3781", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "python3x-pillow-0:10.3.0-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-06-10T00:00:00Z"}, {"advisory": "RHSA-2024:3781", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "python-pillow-0:10.3.0-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-06-10T00:00:00Z"}, {"advisory": "RHSA-2024:4227", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python-pillow-0:5.1.1-21.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:5662", "cpe": "cpe:/a:redhat:satellite:6.15::el8", "package": "python-pillow-0:10.3.0-1.el8pc", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-08-20T00:00:00Z"}, {"advisory": "RHSA-2024:5662", "cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8", "package": "python-pillow-0:10.3.0-1.el8pc", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-08-20T00:00:00Z"}], "bugzilla": {"description": "python-pillow: buffer overflow in _imagingcms.c", "id": "2272563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272563"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-120", "details": ["In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.", "A flaw was found in Pillow. The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Make sure the ImageCms.buildTransform function is not called with the InMode or OutMode arguments with a string bigger than 8 bytes."}, "name": "CVE-2024-28219", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python-pillow", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2024-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-28219\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-28219"], "statement": "This flaw can be triggered when the ImageCms.buildTransform function is called with the InMode or OutMode arguments with a string larger than 8 bytes. An application is not vulnerable if these parameters are not controlled by the user or are validated before the function is called. Additionally, the Pillow ImageCms module functions should not be exposed to untrusted usage without input validation. For this reason, this flaw has been rated with a moderate impact.", "threat_severity": "Moderate"}