CVE-2024-28219 MEDIUM

Vendor N/A
Product n/a
Published April 3, 2024
Last update November 4, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R

What the vulnerability does

01 Description

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Key dates

02 Disclosure timeline

April 3, 2024 CVE published
November 4, 2025 Record updated