Go to file

Trần Bách 117de2b181 fix(security)(_imagingtk.c): unsafe pointer dereference from unchecked python i In `_tkinit`, `PyLong_AsVoidPtr(arg)` converts an arbitrary Python object to a `void` pointer which is then cast to `Tcl_Interp` and passed to `TkImaging_Init`. If `PyLong_AsVoidPtr` fails (returns NULL and sets an error), or if the caller passes an arbitrary integer value, the code proceeds to dereference it without any validation, potentially leading to a crash or arbitrary memory access. Affected files: _imagingtk.c Signed-off-by: Trần Bách <45133811+barttran2k@users.noreply.github.com>		2026-04-07 09:41:12 +07:00
_custom_build	Append custom parameter to the end of sys.argv	2024-03-28 17:40:54 +00:00
.ci	Update dependency cibuildwheel to v3.4.0 (#9532 )	2026-04-03 15:38:40 +11:00
.github	Remove deprecated option to allow Python 3.13t wheels	2026-04-03 15:51:01 +11:00
checks	Removed shebang lines and executable flags (#9179 )	2025-10-12 13:19:34 +03:00
depends	CI: Retry failed downloads (#9506 )	2026-03-27 09:57:43 +11:00
docs	Drop experimental Python 3.13 free-threaded wheels (#9535 )	2026-04-03 15:54:13 +03:00
src	fix(security)(_imagingtk.c): unsafe pointer dereference from unchecked python i	2026-04-07 09:41:12 +07:00
Tests	Correct feature name	2026-04-06 09:39:23 +10:00
wheels	Install zstd for libtiff on Linux	2025-08-28 19:37:26 +10:00
winbuild	Updated xz to 5.8.3	2026-04-01 08:26:13 +11:00
.clang-format	Specify both C and Cpp	2025-04-08 20:15:45 +10:00
.coveragerc	Updated check script paths (#9052 )	2025-07-01 15:17:56 +10:00
.editorconfig	editorconfig: specify 2-space indent for TOML	2023-11-06 12:42:44 +02:00
.git-blame-ignore-revs	Update .git-blame-ignore-revs	2023-11-17 13:06:44 +02:00
.gitattributes	Set EPS test files as binary	2018-12-29 21:53:07 -08:00
.gitignore	Correct handling of vendored fribidi.	2024-11-06 14:12:51 +08:00
.gitmodules	Updated wheel build process for new location	2023-09-24 22:51:42 +10:00
.pre-commit-config.yaml	[pre-commit.ci] pre-commit autoupdate	2026-03-02 17:25:35 +00:00
.readthedocs.yml	Added Sphinx configuration key	2025-01-13 21:07:32 +11:00
CHANGES.rst	Added link to GitHub releases	2024-11-28 07:58:10 +11:00
codecov.yml	Updated check script paths (#9052 )	2025-07-01 15:17:56 +10:00
conftest.py	Add 'from __future__ import annotations' using Ruff/isort	2023-12-21 13:13:31 +02:00
LICENSE	Jeffrey A. Clark -> Jeffrey 'Alex' Clark	2026-03-29 10:05:18 -04:00
Makefile	Updated check script paths (#9052 )	2025-07-01 15:17:56 +10:00
MANIFEST.in	Updated brotli to 1.2.0	2025-10-31 18:19:05 +11:00
pyproject.toml	Jeffrey A. Clark -> Jeffrey 'Alex' Clark	2026-03-29 10:05:18 -04:00
README.md	Jeffrey A. Clark -> Jeffrey 'Alex' Clark	2026-03-29 10:05:18 -04:00
RELEASING.md	Updated template name	2025-04-28 06:19:18 +10:00
selftest.py	Move from deprecated getdata to get_flattened_data	2026-01-03 08:16:37 +11:00
setup.py	PERF203 and fixes	2026-03-27 14:18:37 +02:00
tox.ini	Run tests in parallel via tox	2026-03-30 16:34:07 +03:00

README.md

Pillow

Python Imaging Library (Fork)

Pillow is the friendly PIL fork by Jeffrey 'Alex' Clark and contributors. PIL is the Python Imaging Library by Fredrik Lundh and contributors. As of 2019, Pillow development is supported by Tidelift.

docs
tests
package
social

Overview

The Python Imaging Library adds image processing capabilities to your Python interpreter.

This library provides extensive file format support, an efficient internal representation, and fairly powerful image processing capabilities.

The core image library is designed for fast access to data stored in a few basic pixel formats. It should provide a solid foundation for a general image processing tool.

More information

Report a vulnerability

To report a security vulnerability, please follow the procedure described in the Tidelift security policy.