Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-23437 (GCVE-0-2021-23437)
Vulnerability from cvelistv5 – Published: 2021-09-03 16:10 – Updated: 2024-09-16 20:47
VLAI
EPSS
Title
Regular Expression Denial of Service (ReDoS)
Summary
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Severity
7.5 (High)
CWE
- Regular Expression Denial of Service (ReDoS)
Assigner
References
7 references
Impacted products
Date Public
2021-09-03 00:00
Credits
Liyuan Chen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:56.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"
},
{
"tags": [
"x_transferred"
],
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"name": "FEDORA-2021-9f020cf155",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/"
},
{
"name": "FEDORA-2021-cbfaefb390",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/"
},
{
"name": "GLSA-202211-10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202211-10"
},
{
"name": "[debian-lts-announce] 20240322 [SECURITY] [DLA 3768-1] pillow security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pillow",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Liyuan Chen"
}
],
"datePublic": "2021-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Regular Expression Denial of Service (ReDoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T11:05:54.063Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"
},
{
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
},
{
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"name": "FEDORA-2021-9f020cf155",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/"
},
{
"name": "FEDORA-2021-cbfaefb390",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/"
},
{
"name": "GLSA-202211-10",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202211-10"
},
{
"name": "[debian-lts-announce] 20240322 [SECURITY] [DLA 3768-1] pillow security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
}
],
"title": "Regular Expression Denial of Service (ReDoS)"
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23437",
"datePublished": "2021-09-03T16:10:10.293Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:47:41.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-23437",
"date": "2026-05-27",
"epss": "0.00226",
"percentile": "0.45298"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.2.0\", \"versionEndExcluding\": \"8.3.2\", \"matchCriteriaId\": \"F410ECFC-A2CC-41AD-965A-83B3FAE74EB2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.\"}, {\"lang\": \"es\", \"value\": \"El paquete pillow versiones desde la versi\\u00f3n 5.2.0 y anteriores a 8.3.2, son vulnerables a una Denegaci\\u00f3n de Servicio por Expresi\\u00f3n Regular (ReDoS) por medio de la funci\\u00f3n getrgb\"}]",
"id": "CVE-2021-23437",
"lastModified": "2024-11-21T05:51:45.487",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"report@snyk.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-09-03T16:15:08.317",
"references": "[{\"url\": \"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b\", \"source\": \"report@snyk.io\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\", \"source\": \"report@snyk.io\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/\", \"source\": \"report@snyk.io\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/\", \"source\": \"report@snyk.io\"}, {\"url\": \"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html\", \"source\": \"report@snyk.io\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202211-10\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202211-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Release Notes\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-23437\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2021-09-03T16:15:08.317\",\"lastModified\":\"2024-11-21T05:51:45.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.\"},{\"lang\":\"es\",\"value\":\"El paquete pillow versiones desde la versi\u00f3n 5.2.0 y anteriores a 8.3.2, son vulnerables a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) por medio de la funci\u00f3n getrgb\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2.0\",\"versionEndExcluding\":\"8.3.2\",\"matchCriteriaId\":\"F410ECFC-A2CC-41AD-965A-83B3FAE74EB2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202211-10\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202211-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Release Notes\",\"Third Party Advisory\"]}]}}"
}
}
BDU:2022-02242
Vulnerability from fstec - Published: 03.09.2021
VLAI
Title
Уязвимость функции getrgb библиотеки для работы с растровой графикой Pillow, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции getrgb библиотеки для работы с растровой графикой Pillow связана с неконтролируемым расходом ресурсов. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity
Vendor
Сообщество свободного программного обеспечения, Canonical Ltd., Red Hat Inc., Fedora Project, ООО «РусБИТех-Астра», Uploadcare, LLC, АО "НППКТ", АО «ИВК»
Software Name
Debian GNU/Linux, Ubuntu, Red Hat Quay, Fedora, Astra Linux Special Edition (запись в едином реестре российских программ №369), Pillow, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), АЛЬТ СП 10
Software Version
9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 3 (Red Hat Quay), 33 (Fedora), 21.04 (Ubuntu), 34 (Fedora), 16.04 ESM (Ubuntu), 11 (Debian GNU/Linux), 21.10 (Ubuntu), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), от 5.2.0 до 8.3.2 (Pillow), до 2.4.3 (ОСОН ОСнова Оnyx), - (АЛЬТ СП 10)
Possible Mitigations
Для Pillow:
использование рекомендаций производителя: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-23437
Для Ubuntu:
https://ubuntu.com/security/notices/USN-5227-1
https://ubuntu.com/security/notices/USN-5227-2
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2021-23437
Для ОСОН Основа:
Обновление программного обеспечения pillow до версии 5.4.1-2+deb10u3osnova1
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
Для ОС Astra Linux:
обновить пакет pillow до 5.4.1-2+deb10u6.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
Для ОС Astra Linux:
обновить пакет pillow до 5.4.1-2+deb10u6.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
Reference
https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
https://nvd.nist.gov/vuln/detail/CVE-2021-23437
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
https://security-tracker.debian.org/tracker/CVE-2021-23437
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
https://ubuntu.com/security/notices/USN-5227-1
https://ubuntu.com/security/notices/USN-5227-2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/
https://access.redhat.com/security/cve/CVE-2021-23437
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.3/
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE72
CWE
CWE-125, CWE-400
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., Red Hat Inc., Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Uploadcare, LLC, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 3 (Red Hat Quay), 33 (Fedora), 21.04 (Ubuntu), 34 (Fedora), 16.04 ESM (Ubuntu), 11 (Debian GNU/Linux), 21.10 (Ubuntu), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u043e\u0442 5.2.0 \u0434\u043e 8.3.2 (Pillow), \u0434\u043e 2.4.3 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Pillow:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-23437\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-5227-1\nhttps://ubuntu.com/security/notices/USN-5227-2\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2021-23437\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f pillow \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.4.1-2+deb10u3osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 pillow \u0434\u043e 5.4.1-2+deb10u6.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 pillow \u0434\u043e 5.4.1-2+deb10u6.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.09.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.05.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.04.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02242",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-23437",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Ubuntu, Red Hat Quay, Fedora, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Pillow, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041b\u042c\u0422 \u0421\u041f 10",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , Fedora Project Fedora 33 , Canonical Ltd. Ubuntu 21.04 , Fedora Project Fedora 34 , Canonical Ltd. Ubuntu 16.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Canonical Ltd. Ubuntu 21.10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.4.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 getrgb \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0440\u0430\u0441\u0442\u0440\u043e\u0432\u043e\u0439 \u0433\u0440\u0430\u0444\u0438\u043a\u043e\u0439 Pillow, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125), \u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 getrgb \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0440\u0430\u0441\u0442\u0440\u043e\u0432\u043e\u0439 \u0433\u0440\u0430\u0444\u0438\u043a\u043e\u0439 Pillow \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23437\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html\nhttps://security-tracker.debian.org/tracker/CVE-2021-23437\nhttps://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443\nhttps://ubuntu.com/security/notices/USN-5227-1\nhttps://ubuntu.com/security/notices/USN-5227-2\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/\nhttps://access.redhat.com/security/cve/CVE-2021-23437\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.3/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE72",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125, CWE-400",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
bit-pillow-2021-23437
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:05
Modified
2025-05-20 10:02
Summary
Regular Expression Denial of Service (ReDoS)
Details
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "pillow",
"purl": "pkg:bitnami/pillow"
},
"ranges": [
{
"events": [
{
"introduced": "5.2.0"
},
{
"fixed": "8.3.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-23437"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"id": "BIT-pillow-2021-23437",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T11:05:30.378Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/"
},
{
"type": "WEB",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202211-10"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23437"
}
],
"schema_version": "1.5.0",
"summary": "Regular Expression Denial of Service (ReDoS)"
}
FKIE_CVE-2021-23437
Vulnerability from fkie_nvd - Published: 2021-09-03 16:15 - Updated: 2024-11-21 05:51
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| python | pillow | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F410ECFC-A2CC-41AD-965A-83B3FAE74EB2",
"versionEndExcluding": "8.3.2",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function."
},
{
"lang": "es",
"value": "El paquete pillow versiones desde la versi\u00f3n 5.2.0 y anteriores a 8.3.2, son vulnerables a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) por medio de la funci\u00f3n getrgb"
}
],
"id": "CVE-2021-23437",
"lastModified": "2024-11-21T05:51:45.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-03T16:15:08.317",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"source": "report@snyk.io",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
},
{
"source": "report@snyk.io",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/"
},
{
"source": "report@snyk.io",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/"
},
{
"source": "report@snyk.io",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202211-10"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202211-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-98VV-PW6R-Q6Q4
Vulnerability from github – Published: 2021-09-07 23:08 – Updated: 2024-10-09 21:02
VLAI
Summary
Uncontrolled Resource Consumption in pillow
Details
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Severity
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pillow"
},
"ranges": [
{
"events": [
{
"introduced": "5.2.0"
},
{
"fixed": "8.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23437"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-07T15:15:55Z",
"nvd_published_at": "2021-09-03T16:15:00Z",
"severity": "HIGH"
},
"details": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"id": "GHSA-98vv-pw6r-q6q4",
"modified": "2024-10-09T21:02:05Z",
"published": "2021-09-07T23:08:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23437"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-98vv-pw6r-q6q4"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/python-pillow/Pillow"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT"
},
{
"type": "WEB",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202211-10"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Uncontrolled Resource Consumption in pillow"
}
GSD-2021-23437
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-23437",
"description": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"id": "GSD-2021-23437",
"references": [
"https://www.suse.com/security/cve/CVE-2021-23437.html",
"https://ubuntu.com/security/CVE-2021-23437",
"https://advisories.mageia.org/CVE-2021-23437.html",
"https://security.archlinux.org/CVE-2021-23437"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-23437"
],
"details": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"id": "GSD-2021-23437",
"modified": "2023-12-13T01:23:30.314266Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-09-03T16:10:00.232154Z",
"ID": "CVE-2021-23437",
"STATE": "PUBLIC",
"TITLE": "Regular Expression Denial of Service (ReDoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pillow",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
},
{
"version_affected": "\u003c",
"version_value": "8.3.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Liyuan Chen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Regular Expression Denial of Service (ReDoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"
},
{
"name": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html",
"refsource": "MISC",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
},
{
"name": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b",
"refsource": "MISC",
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"name": "FEDORA-2021-9f020cf155",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/"
},
{
"name": "FEDORA-2021-cbfaefb390",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/"
},
{
"name": "GLSA-202211-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202211-10"
},
{
"name": "[debian-lts-announce] 20240322 [SECURITY] [DLA 3768-1] pillow security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=5.2.0,\u003c8.3.2",
"affected_versions": "All versions starting from 5.2.0 before 8.3.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-125",
"CWE-937"
],
"date": "2023-01-31",
"description": "The pillow package is vulnerable to Regular Expression Denial of Service (ReDoS) via the `getrgb` function.",
"fixed_versions": [
"8.3.2"
],
"identifier": "CVE-2021-23437",
"identifiers": [
"CVE-2021-23437"
],
"not_impacted": "All versions before 5.2.0, all versions starting from 8.3.2",
"package_slug": "pypi/Pillow",
"pubdate": "2021-09-03",
"solution": "Upgrade to version 8.3.2 or above.",
"title": "Out-of-bounds Read",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-23437",
"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
],
"uuid": "5db07fd2-101c-4794-a0f2-fabeb895b05e"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F410ECFC-A2CC-41AD-965A-83B3FAE74EB2",
"versionEndExcluding": "8.3.2",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function."
},
{
"lang": "es",
"value": "El paquete pillow versiones desde la versi\u00f3n 5.2.0 y anteriores a 8.3.2, son vulnerables a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) por medio de la funci\u00f3n getrgb"
}
],
"id": "CVE-2021-23437",
"lastModified": "2024-03-22T11:15:45.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "report@snyk.io",
"type": "Secondary"
}
]
},
"published": "2021-09-03T16:15:08.317",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"source": "report@snyk.io",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
},
{
"source": "report@snyk.io",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/"
},
{
"source": "report@snyk.io",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/"
},
{
"source": "report@snyk.io",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202211-10"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:11209-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python36-Pillow-8.3.2-1.2 on GA media
Severity
Moderate
Notes
Title of the patch: python36-Pillow-8.3.2-1.2 on GA media
Description of the patch: These are all security issues fixed in the python36-Pillow-8.3.2-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11209
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
59 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python36-Pillow-8.3.2-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python36-Pillow-8.3.2-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11209",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11209-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-3589 page",
"url": "https://www.suse.com/security/cve/CVE-2014-3589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-3598 page",
"url": "https://www.suse.com/security/cve/CVE-2014-3598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0740 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0775 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3076 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15999 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35653 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35654 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35655 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35655/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23437 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25289 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25290 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25291 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25292 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25293 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27921 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34552 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34552/"
}
],
"title": "python36-Pillow-8.3.2-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11209-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python36-Pillow-8.3.2-1.2.aarch64",
"product": {
"name": "python36-Pillow-8.3.2-1.2.aarch64",
"product_id": "python36-Pillow-8.3.2-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "python36-Pillow-tk-8.3.2-1.2.aarch64",
"product": {
"name": "python36-Pillow-tk-8.3.2-1.2.aarch64",
"product_id": "python36-Pillow-tk-8.3.2-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "python38-Pillow-8.3.2-1.2.aarch64",
"product": {
"name": "python38-Pillow-8.3.2-1.2.aarch64",
"product_id": "python38-Pillow-8.3.2-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "python38-Pillow-tk-8.3.2-1.2.aarch64",
"product": {
"name": "python38-Pillow-tk-8.3.2-1.2.aarch64",
"product_id": "python38-Pillow-tk-8.3.2-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "python39-Pillow-8.3.2-1.2.aarch64",
"product": {
"name": "python39-Pillow-8.3.2-1.2.aarch64",
"product_id": "python39-Pillow-8.3.2-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "python39-Pillow-tk-8.3.2-1.2.aarch64",
"product": {
"name": "python39-Pillow-tk-8.3.2-1.2.aarch64",
"product_id": "python39-Pillow-tk-8.3.2-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-Pillow-8.3.2-1.2.ppc64le",
"product": {
"name": "python36-Pillow-8.3.2-1.2.ppc64le",
"product_id": "python36-Pillow-8.3.2-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-Pillow-tk-8.3.2-1.2.ppc64le",
"product": {
"name": "python36-Pillow-tk-8.3.2-1.2.ppc64le",
"product_id": "python36-Pillow-tk-8.3.2-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-Pillow-8.3.2-1.2.ppc64le",
"product": {
"name": "python38-Pillow-8.3.2-1.2.ppc64le",
"product_id": "python38-Pillow-8.3.2-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-Pillow-tk-8.3.2-1.2.ppc64le",
"product": {
"name": "python38-Pillow-tk-8.3.2-1.2.ppc64le",
"product_id": "python38-Pillow-tk-8.3.2-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-Pillow-8.3.2-1.2.ppc64le",
"product": {
"name": "python39-Pillow-8.3.2-1.2.ppc64le",
"product_id": "python39-Pillow-8.3.2-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-Pillow-tk-8.3.2-1.2.ppc64le",
"product": {
"name": "python39-Pillow-tk-8.3.2-1.2.ppc64le",
"product_id": "python39-Pillow-tk-8.3.2-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-Pillow-8.3.2-1.2.s390x",
"product": {
"name": "python36-Pillow-8.3.2-1.2.s390x",
"product_id": "python36-Pillow-8.3.2-1.2.s390x"
}
},
{
"category": "product_version",
"name": "python36-Pillow-tk-8.3.2-1.2.s390x",
"product": {
"name": "python36-Pillow-tk-8.3.2-1.2.s390x",
"product_id": "python36-Pillow-tk-8.3.2-1.2.s390x"
}
},
{
"category": "product_version",
"name": "python38-Pillow-8.3.2-1.2.s390x",
"product": {
"name": "python38-Pillow-8.3.2-1.2.s390x",
"product_id": "python38-Pillow-8.3.2-1.2.s390x"
}
},
{
"category": "product_version",
"name": "python38-Pillow-tk-8.3.2-1.2.s390x",
"product": {
"name": "python38-Pillow-tk-8.3.2-1.2.s390x",
"product_id": "python38-Pillow-tk-8.3.2-1.2.s390x"
}
},
{
"category": "product_version",
"name": "python39-Pillow-8.3.2-1.2.s390x",
"product": {
"name": "python39-Pillow-8.3.2-1.2.s390x",
"product_id": "python39-Pillow-8.3.2-1.2.s390x"
}
},
{
"category": "product_version",
"name": "python39-Pillow-tk-8.3.2-1.2.s390x",
"product": {
"name": "python39-Pillow-tk-8.3.2-1.2.s390x",
"product_id": "python39-Pillow-tk-8.3.2-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-Pillow-8.3.2-1.2.x86_64",
"product": {
"name": "python36-Pillow-8.3.2-1.2.x86_64",
"product_id": "python36-Pillow-8.3.2-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "python36-Pillow-tk-8.3.2-1.2.x86_64",
"product": {
"name": "python36-Pillow-tk-8.3.2-1.2.x86_64",
"product_id": "python36-Pillow-tk-8.3.2-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "python38-Pillow-8.3.2-1.2.x86_64",
"product": {
"name": "python38-Pillow-8.3.2-1.2.x86_64",
"product_id": "python38-Pillow-8.3.2-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "python38-Pillow-tk-8.3.2-1.2.x86_64",
"product": {
"name": "python38-Pillow-tk-8.3.2-1.2.x86_64",
"product_id": "python38-Pillow-tk-8.3.2-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "python39-Pillow-8.3.2-1.2.x86_64",
"product": {
"name": "python39-Pillow-8.3.2-1.2.x86_64",
"product_id": "python39-Pillow-8.3.2-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "python39-Pillow-tk-8.3.2-1.2.x86_64",
"product": {
"name": "python39-Pillow-tk-8.3.2-1.2.x86_64",
"product_id": "python39-Pillow-tk-8.3.2-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Pillow-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64"
},
"product_reference": "python36-Pillow-8.3.2-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Pillow-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le"
},
"product_reference": "python36-Pillow-8.3.2-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Pillow-8.3.2-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x"
},
"product_reference": "python36-Pillow-8.3.2-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Pillow-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64"
},
"product_reference": "python36-Pillow-8.3.2-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Pillow-tk-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64"
},
"product_reference": "python36-Pillow-tk-8.3.2-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Pillow-tk-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le"
},
"product_reference": "python36-Pillow-tk-8.3.2-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Pillow-tk-8.3.2-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x"
},
"product_reference": "python36-Pillow-tk-8.3.2-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Pillow-tk-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64"
},
"product_reference": "python36-Pillow-tk-8.3.2-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Pillow-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64"
},
"product_reference": "python38-Pillow-8.3.2-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Pillow-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le"
},
"product_reference": "python38-Pillow-8.3.2-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Pillow-8.3.2-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x"
},
"product_reference": "python38-Pillow-8.3.2-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Pillow-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64"
},
"product_reference": "python38-Pillow-8.3.2-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Pillow-tk-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64"
},
"product_reference": "python38-Pillow-tk-8.3.2-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Pillow-tk-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le"
},
"product_reference": "python38-Pillow-tk-8.3.2-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Pillow-tk-8.3.2-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x"
},
"product_reference": "python38-Pillow-tk-8.3.2-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Pillow-tk-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64"
},
"product_reference": "python38-Pillow-tk-8.3.2-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Pillow-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64"
},
"product_reference": "python39-Pillow-8.3.2-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Pillow-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le"
},
"product_reference": "python39-Pillow-8.3.2-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Pillow-8.3.2-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x"
},
"product_reference": "python39-Pillow-8.3.2-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Pillow-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64"
},
"product_reference": "python39-Pillow-8.3.2-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Pillow-tk-8.3.2-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64"
},
"product_reference": "python39-Pillow-tk-8.3.2-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Pillow-tk-8.3.2-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le"
},
"product_reference": "python39-Pillow-tk-8.3.2-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Pillow-tk-8.3.2-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x"
},
"product_reference": "python39-Pillow-tk-8.3.2-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Pillow-tk-8.3.2-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
},
"product_reference": "python39-Pillow-tk-8.3.2-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-3589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-3589"
}
],
"notes": [
{
"category": "general",
"text": "PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-3589",
"url": "https://www.suse.com/security/cve/CVE-2014-3589"
},
{
"category": "external",
"summary": "SUSE Bug 921566 for CVE-2014-3589",
"url": "https://bugzilla.suse.com/921566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-3589"
},
{
"cve": "CVE-2014-3598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-3598"
}
],
"notes": [
{
"category": "general",
"text": "The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-3598",
"url": "https://www.suse.com/security/cve/CVE-2014-3598"
},
{
"category": "external",
"summary": "SUSE Bug 921566 for CVE-2014-3598",
"url": "https://bugzilla.suse.com/921566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-3598"
},
{
"cve": "CVE-2016-0740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0740"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0740",
"url": "https://www.suse.com/security/cve/CVE-2016-0740"
},
{
"category": "external",
"summary": "SUSE Bug 965579 for CVE-2016-0740",
"url": "https://bugzilla.suse.com/965579"
},
{
"category": "external",
"summary": "SUSE Bug 965582 for CVE-2016-0740",
"url": "https://bugzilla.suse.com/965582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-0740"
},
{
"cve": "CVE-2016-0775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0775"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0775",
"url": "https://www.suse.com/security/cve/CVE-2016-0775"
},
{
"category": "external",
"summary": "SUSE Bug 965579 for CVE-2016-0775",
"url": "https://bugzilla.suse.com/965579"
},
{
"category": "external",
"summary": "SUSE Bug 965582 for CVE-2016-0775",
"url": "https://bugzilla.suse.com/965582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-0775"
},
{
"cve": "CVE-2016-3076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3076"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3076",
"url": "https://www.suse.com/security/cve/CVE-2016-3076"
},
{
"category": "external",
"summary": "SUSE Bug 973786 for CVE-2016-3076",
"url": "https://bugzilla.suse.com/973786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-3076"
},
{
"cve": "CVE-2020-15999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15999"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15999",
"url": "https://www.suse.com/security/cve/CVE-2020-15999"
},
{
"category": "external",
"summary": "SUSE Bug 1177914 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177914"
},
{
"category": "external",
"summary": "SUSE Bug 1177936 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177936"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15999"
},
{
"cve": "CVE-2020-35653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35653"
}
],
"notes": [
{
"category": "general",
"text": "In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35653",
"url": "https://www.suse.com/security/cve/CVE-2020-35653"
},
{
"category": "external",
"summary": "SUSE Bug 1180834 for CVE-2020-35653",
"url": "https://bugzilla.suse.com/1180834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35653"
},
{
"cve": "CVE-2020-35654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35654"
}
],
"notes": [
{
"category": "general",
"text": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35654",
"url": "https://www.suse.com/security/cve/CVE-2020-35654"
},
{
"category": "external",
"summary": "SUSE Bug 1180833 for CVE-2020-35654",
"url": "https://bugzilla.suse.com/1180833"
},
{
"category": "external",
"summary": "SUSE Bug 1183103 for CVE-2020-35654",
"url": "https://bugzilla.suse.com/1183103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35654"
},
{
"cve": "CVE-2020-35655",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35655"
}
],
"notes": [
{
"category": "general",
"text": "In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35655",
"url": "https://www.suse.com/security/cve/CVE-2020-35655"
},
{
"category": "external",
"summary": "SUSE Bug 1180832 for CVE-2020-35655",
"url": "https://bugzilla.suse.com/1180832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35655"
},
{
"cve": "CVE-2021-23437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23437"
}
],
"notes": [
{
"category": "general",
"text": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23437",
"url": "https://www.suse.com/security/cve/CVE-2021-23437"
},
{
"category": "external",
"summary": "SUSE Bug 1190229 for CVE-2021-23437",
"url": "https://bugzilla.suse.com/1190229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23437"
},
{
"cve": "CVE-2021-25289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25289"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25289",
"url": "https://www.suse.com/security/cve/CVE-2021-25289"
},
{
"category": "external",
"summary": "SUSE Bug 1183103 for CVE-2021-25289",
"url": "https://bugzilla.suse.com/1183103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2021-25289"
},
{
"cve": "CVE-2021-25290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25290"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25290",
"url": "https://www.suse.com/security/cve/CVE-2021-25290"
},
{
"category": "external",
"summary": "SUSE Bug 1183105 for CVE-2021-25290",
"url": "https://bugzilla.suse.com/1183105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25290"
},
{
"cve": "CVE-2021-25291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25291"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25291",
"url": "https://www.suse.com/security/cve/CVE-2021-25291"
},
{
"category": "external",
"summary": "SUSE Bug 1183106 for CVE-2021-25291",
"url": "https://bugzilla.suse.com/1183106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25291"
},
{
"cve": "CVE-2021-25292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25292"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25292",
"url": "https://www.suse.com/security/cve/CVE-2021-25292"
},
{
"category": "external",
"summary": "SUSE Bug 1183101 for CVE-2021-25292",
"url": "https://bugzilla.suse.com/1183101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25292"
},
{
"cve": "CVE-2021-25293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25293"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25293",
"url": "https://www.suse.com/security/cve/CVE-2021-25293"
},
{
"category": "external",
"summary": "SUSE Bug 1183102 for CVE-2021-25293",
"url": "https://bugzilla.suse.com/1183102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25293"
},
{
"cve": "CVE-2021-27921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27921"
}
],
"notes": [
{
"category": "general",
"text": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27921",
"url": "https://www.suse.com/security/cve/CVE-2021-27921"
},
{
"category": "external",
"summary": "SUSE Bug 1183110 for CVE-2021-27921",
"url": "https://bugzilla.suse.com/1183110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27921"
},
{
"cve": "CVE-2021-34552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34552"
}
],
"notes": [
{
"category": "general",
"text": "Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34552",
"url": "https://www.suse.com/security/cve/CVE-2021-34552"
},
{
"category": "external",
"summary": "SUSE Bug 1188574 for CVE-2021-34552",
"url": "https://bugzilla.suse.com/1188574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2.x86_64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.aarch64",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.ppc64le",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.s390x",
"openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-34552"
}
]
}
OPENSUSE-SU-2024:13827-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python310-Pillow-10.3.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python310-Pillow-10.3.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the python310-Pillow-10.3.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13827
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
62 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-Pillow-10.3.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-Pillow-10.3.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13827",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13827-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-3589 page",
"url": "https://www.suse.com/security/cve/CVE-2014-3589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-3598 page",
"url": "https://www.suse.com/security/cve/CVE-2014-3598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0740 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0775 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3076 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15999 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35653 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35654 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35655 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35655/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23437 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25289 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25290 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25291 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25292 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25293 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27921 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34552 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28219 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28219/"
}
],
"title": "python310-Pillow-10.3.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13827-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-Pillow-10.3.0-1.1.aarch64",
"product": {
"name": "python310-Pillow-10.3.0-1.1.aarch64",
"product_id": "python310-Pillow-10.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-Pillow-tk-10.3.0-1.1.aarch64",
"product": {
"name": "python310-Pillow-tk-10.3.0-1.1.aarch64",
"product_id": "python310-Pillow-tk-10.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-Pillow-10.3.0-1.1.aarch64",
"product": {
"name": "python311-Pillow-10.3.0-1.1.aarch64",
"product_id": "python311-Pillow-10.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-Pillow-tk-10.3.0-1.1.aarch64",
"product": {
"name": "python311-Pillow-tk-10.3.0-1.1.aarch64",
"product_id": "python311-Pillow-tk-10.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-Pillow-10.3.0-1.1.aarch64",
"product": {
"name": "python312-Pillow-10.3.0-1.1.aarch64",
"product_id": "python312-Pillow-10.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-Pillow-tk-10.3.0-1.1.aarch64",
"product": {
"name": "python312-Pillow-tk-10.3.0-1.1.aarch64",
"product_id": "python312-Pillow-tk-10.3.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-Pillow-10.3.0-1.1.ppc64le",
"product": {
"name": "python310-Pillow-10.3.0-1.1.ppc64le",
"product_id": "python310-Pillow-10.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-Pillow-tk-10.3.0-1.1.ppc64le",
"product": {
"name": "python310-Pillow-tk-10.3.0-1.1.ppc64le",
"product_id": "python310-Pillow-tk-10.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-Pillow-10.3.0-1.1.ppc64le",
"product": {
"name": "python311-Pillow-10.3.0-1.1.ppc64le",
"product_id": "python311-Pillow-10.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-Pillow-tk-10.3.0-1.1.ppc64le",
"product": {
"name": "python311-Pillow-tk-10.3.0-1.1.ppc64le",
"product_id": "python311-Pillow-tk-10.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-Pillow-10.3.0-1.1.ppc64le",
"product": {
"name": "python312-Pillow-10.3.0-1.1.ppc64le",
"product_id": "python312-Pillow-10.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-Pillow-tk-10.3.0-1.1.ppc64le",
"product": {
"name": "python312-Pillow-tk-10.3.0-1.1.ppc64le",
"product_id": "python312-Pillow-tk-10.3.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-Pillow-10.3.0-1.1.s390x",
"product": {
"name": "python310-Pillow-10.3.0-1.1.s390x",
"product_id": "python310-Pillow-10.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-Pillow-tk-10.3.0-1.1.s390x",
"product": {
"name": "python310-Pillow-tk-10.3.0-1.1.s390x",
"product_id": "python310-Pillow-tk-10.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-Pillow-10.3.0-1.1.s390x",
"product": {
"name": "python311-Pillow-10.3.0-1.1.s390x",
"product_id": "python311-Pillow-10.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-Pillow-tk-10.3.0-1.1.s390x",
"product": {
"name": "python311-Pillow-tk-10.3.0-1.1.s390x",
"product_id": "python311-Pillow-tk-10.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-Pillow-10.3.0-1.1.s390x",
"product": {
"name": "python312-Pillow-10.3.0-1.1.s390x",
"product_id": "python312-Pillow-10.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-Pillow-tk-10.3.0-1.1.s390x",
"product": {
"name": "python312-Pillow-tk-10.3.0-1.1.s390x",
"product_id": "python312-Pillow-tk-10.3.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-Pillow-10.3.0-1.1.x86_64",
"product": {
"name": "python310-Pillow-10.3.0-1.1.x86_64",
"product_id": "python310-Pillow-10.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-Pillow-tk-10.3.0-1.1.x86_64",
"product": {
"name": "python310-Pillow-tk-10.3.0-1.1.x86_64",
"product_id": "python310-Pillow-tk-10.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-Pillow-10.3.0-1.1.x86_64",
"product": {
"name": "python311-Pillow-10.3.0-1.1.x86_64",
"product_id": "python311-Pillow-10.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-Pillow-tk-10.3.0-1.1.x86_64",
"product": {
"name": "python311-Pillow-tk-10.3.0-1.1.x86_64",
"product_id": "python311-Pillow-tk-10.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-Pillow-10.3.0-1.1.x86_64",
"product": {
"name": "python312-Pillow-10.3.0-1.1.x86_64",
"product_id": "python312-Pillow-10.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-Pillow-tk-10.3.0-1.1.x86_64",
"product": {
"name": "python312-Pillow-tk-10.3.0-1.1.x86_64",
"product_id": "python312-Pillow-tk-10.3.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Pillow-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64"
},
"product_reference": "python310-Pillow-10.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Pillow-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le"
},
"product_reference": "python310-Pillow-10.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Pillow-10.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x"
},
"product_reference": "python310-Pillow-10.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Pillow-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64"
},
"product_reference": "python310-Pillow-10.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Pillow-tk-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64"
},
"product_reference": "python310-Pillow-tk-10.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Pillow-tk-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le"
},
"product_reference": "python310-Pillow-tk-10.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Pillow-tk-10.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x"
},
"product_reference": "python310-Pillow-tk-10.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Pillow-tk-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64"
},
"product_reference": "python310-Pillow-tk-10.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64"
},
"product_reference": "python311-Pillow-10.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le"
},
"product_reference": "python311-Pillow-10.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-10.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x"
},
"product_reference": "python311-Pillow-10.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64"
},
"product_reference": "python311-Pillow-10.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-tk-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64"
},
"product_reference": "python311-Pillow-tk-10.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-tk-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le"
},
"product_reference": "python311-Pillow-tk-10.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-tk-10.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x"
},
"product_reference": "python311-Pillow-tk-10.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-tk-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64"
},
"product_reference": "python311-Pillow-tk-10.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64"
},
"product_reference": "python312-Pillow-10.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le"
},
"product_reference": "python312-Pillow-10.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-10.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x"
},
"product_reference": "python312-Pillow-10.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64"
},
"product_reference": "python312-Pillow-10.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-tk-10.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64"
},
"product_reference": "python312-Pillow-tk-10.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-tk-10.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le"
},
"product_reference": "python312-Pillow-tk-10.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-tk-10.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x"
},
"product_reference": "python312-Pillow-tk-10.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-tk-10.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
},
"product_reference": "python312-Pillow-tk-10.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-3589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-3589"
}
],
"notes": [
{
"category": "general",
"text": "PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-3589",
"url": "https://www.suse.com/security/cve/CVE-2014-3589"
},
{
"category": "external",
"summary": "SUSE Bug 921566 for CVE-2014-3589",
"url": "https://bugzilla.suse.com/921566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-3589"
},
{
"cve": "CVE-2014-3598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-3598"
}
],
"notes": [
{
"category": "general",
"text": "The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-3598",
"url": "https://www.suse.com/security/cve/CVE-2014-3598"
},
{
"category": "external",
"summary": "SUSE Bug 921566 for CVE-2014-3598",
"url": "https://bugzilla.suse.com/921566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-3598"
},
{
"cve": "CVE-2016-0740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0740"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0740",
"url": "https://www.suse.com/security/cve/CVE-2016-0740"
},
{
"category": "external",
"summary": "SUSE Bug 965579 for CVE-2016-0740",
"url": "https://bugzilla.suse.com/965579"
},
{
"category": "external",
"summary": "SUSE Bug 965582 for CVE-2016-0740",
"url": "https://bugzilla.suse.com/965582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-0740"
},
{
"cve": "CVE-2016-0775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0775"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0775",
"url": "https://www.suse.com/security/cve/CVE-2016-0775"
},
{
"category": "external",
"summary": "SUSE Bug 965579 for CVE-2016-0775",
"url": "https://bugzilla.suse.com/965579"
},
{
"category": "external",
"summary": "SUSE Bug 965582 for CVE-2016-0775",
"url": "https://bugzilla.suse.com/965582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-0775"
},
{
"cve": "CVE-2016-3076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3076"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3076",
"url": "https://www.suse.com/security/cve/CVE-2016-3076"
},
{
"category": "external",
"summary": "SUSE Bug 973786 for CVE-2016-3076",
"url": "https://bugzilla.suse.com/973786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-3076"
},
{
"cve": "CVE-2020-15999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15999"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15999",
"url": "https://www.suse.com/security/cve/CVE-2020-15999"
},
{
"category": "external",
"summary": "SUSE Bug 1177914 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177914"
},
{
"category": "external",
"summary": "SUSE Bug 1177936 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177936"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15999"
},
{
"cve": "CVE-2020-35653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35653"
}
],
"notes": [
{
"category": "general",
"text": "In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35653",
"url": "https://www.suse.com/security/cve/CVE-2020-35653"
},
{
"category": "external",
"summary": "SUSE Bug 1180834 for CVE-2020-35653",
"url": "https://bugzilla.suse.com/1180834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35653"
},
{
"cve": "CVE-2020-35654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35654"
}
],
"notes": [
{
"category": "general",
"text": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35654",
"url": "https://www.suse.com/security/cve/CVE-2020-35654"
},
{
"category": "external",
"summary": "SUSE Bug 1180833 for CVE-2020-35654",
"url": "https://bugzilla.suse.com/1180833"
},
{
"category": "external",
"summary": "SUSE Bug 1183103 for CVE-2020-35654",
"url": "https://bugzilla.suse.com/1183103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35654"
},
{
"cve": "CVE-2020-35655",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35655"
}
],
"notes": [
{
"category": "general",
"text": "In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35655",
"url": "https://www.suse.com/security/cve/CVE-2020-35655"
},
{
"category": "external",
"summary": "SUSE Bug 1180832 for CVE-2020-35655",
"url": "https://bugzilla.suse.com/1180832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35655"
},
{
"cve": "CVE-2021-23437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23437"
}
],
"notes": [
{
"category": "general",
"text": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23437",
"url": "https://www.suse.com/security/cve/CVE-2021-23437"
},
{
"category": "external",
"summary": "SUSE Bug 1190229 for CVE-2021-23437",
"url": "https://bugzilla.suse.com/1190229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23437"
},
{
"cve": "CVE-2021-25289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25289"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25289",
"url": "https://www.suse.com/security/cve/CVE-2021-25289"
},
{
"category": "external",
"summary": "SUSE Bug 1183103 for CVE-2021-25289",
"url": "https://bugzilla.suse.com/1183103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2021-25289"
},
{
"cve": "CVE-2021-25290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25290"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25290",
"url": "https://www.suse.com/security/cve/CVE-2021-25290"
},
{
"category": "external",
"summary": "SUSE Bug 1183105 for CVE-2021-25290",
"url": "https://bugzilla.suse.com/1183105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25290"
},
{
"cve": "CVE-2021-25291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25291"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25291",
"url": "https://www.suse.com/security/cve/CVE-2021-25291"
},
{
"category": "external",
"summary": "SUSE Bug 1183106 for CVE-2021-25291",
"url": "https://bugzilla.suse.com/1183106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25291"
},
{
"cve": "CVE-2021-25292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25292"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25292",
"url": "https://www.suse.com/security/cve/CVE-2021-25292"
},
{
"category": "external",
"summary": "SUSE Bug 1183101 for CVE-2021-25292",
"url": "https://bugzilla.suse.com/1183101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25292"
},
{
"cve": "CVE-2021-25293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25293"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25293",
"url": "https://www.suse.com/security/cve/CVE-2021-25293"
},
{
"category": "external",
"summary": "SUSE Bug 1183102 for CVE-2021-25293",
"url": "https://bugzilla.suse.com/1183102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25293"
},
{
"cve": "CVE-2021-27921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27921"
}
],
"notes": [
{
"category": "general",
"text": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27921",
"url": "https://www.suse.com/security/cve/CVE-2021-27921"
},
{
"category": "external",
"summary": "SUSE Bug 1183110 for CVE-2021-27921",
"url": "https://bugzilla.suse.com/1183110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27921"
},
{
"cve": "CVE-2021-34552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34552"
}
],
"notes": [
{
"category": "general",
"text": "Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34552",
"url": "https://www.suse.com/security/cve/CVE-2021-34552"
},
{
"category": "external",
"summary": "SUSE Bug 1188574 for CVE-2021-34552",
"url": "https://bugzilla.suse.com/1188574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-34552"
},
{
"cve": "CVE-2024-28219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28219"
}
],
"notes": [
{
"category": "general",
"text": "In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28219",
"url": "https://www.suse.com/security/cve/CVE-2024-28219"
},
{
"category": "external",
"summary": "SUSE Bug 1222262 for CVE-2024-28219",
"url": "https://bugzilla.suse.com/1222262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python310-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-10.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-10.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-28219"
}
]
}
PYSEC-2021-317
Vulnerability from pysec - Published: 2021-09-03 16:15 - Updated: 2021-09-03 18:35
VLAI
Details
The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Impacted products
| Name | purl | pillow | pkg:pypi/pillow |
|---|
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pillow",
"purl": "pkg:pypi/pillow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
}
],
"repo": "https://github.com/python-pillow/Pillow",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.3.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6",
"1.7.0",
"1.7.1",
"1.7.2",
"1.7.3",
"1.7.4",
"1.7.5",
"1.7.6",
"1.7.7",
"1.7.8",
"2.0.0",
"2.1.0",
"2.2.0",
"2.2.1",
"2.2.2",
"2.3.0",
"2.3.1",
"2.3.2",
"2.4.0",
"2.5.0",
"2.5.1",
"2.5.2",
"2.5.3",
"2.6.0",
"2.6.1",
"2.6.2",
"2.7.0",
"2.8.0",
"2.8.1",
"2.8.2",
"2.9.0",
"3.0.0",
"3.1.0",
"3.1.0.rc1",
"3.1.0rc1",
"3.1.1",
"3.1.2",
"3.2.0",
"3.3.0",
"3.3.1",
"3.3.2",
"3.3.3",
"3.4.0",
"3.4.1",
"3.4.2",
"4.0.0",
"4.1.0",
"4.1.1",
"4.2.0",
"4.2.1",
"4.3.0",
"5.0.0",
"5.1.0",
"5.2.0",
"5.3.0",
"5.4.0",
"5.4.0.dev0",
"5.4.1",
"6.0.0",
"6.1.0",
"6.2.0",
"6.2.1",
"6.2.2",
"7.0.0",
"7.1.0",
"7.1.1",
"7.1.2",
"7.2.0",
"8.0.0",
"8.0.1",
"8.1.0",
"8.1.1",
"8.1.2",
"8.2.0",
"8.3.0",
"8.3.1"
]
}
],
"aliases": [
"CVE-2021-23437",
"SNYK-PYTHON-PILLOW-1319443",
"GHSA-98vv-pw6r-q6q4"
],
"details": "The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"id": "PYSEC-2021-317",
"modified": "2021-09-03T18:35:52.828411Z",
"published": "2021-09-03T16:15:00Z",
"references": [
{
"type": "WEB",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"
},
{
"type": "FIX",
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"type": "ADVISORY",
"url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-98vv-pw6r-q6q4"
}
]
}
SUSE-SU-2021:3234-1
Vulnerability from csaf_suse - Published: 2021-09-27 14:36 - Updated: 2021-09-27 14:36Summary
Security update for python-Pillow
Severity
Important
Notes
Title of the patch: Security update for python-Pillow
Description of the patch: This update for python-Pillow fixes the following issues:
- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).
Patchnames: HPE-Helion-OpenStack-8-2021-3234,SUSE-2021-3234,SUSE-OpenStack-Cloud-8-2021-3234,SUSE-OpenStack-Cloud-Crowbar-8-2021-3234
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:python-Pillow-4.2.1-3.20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.20.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.20.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Pillow",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Pillow fixes the following issues:\n\n- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2021-3234,SUSE-2021-3234,SUSE-OpenStack-Cloud-8-2021-3234,SUSE-OpenStack-Cloud-Crowbar-8-2021-3234",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3234-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:3234-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213234-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:3234-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009513.html"
},
{
"category": "self",
"summary": "SUSE Bug 1190229",
"url": "https://bugzilla.suse.com/1190229"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23437 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23437/"
}
],
"title": "Security update for python-Pillow",
"tracking": {
"current_release_date": "2021-09-27T14:36:34Z",
"generator": {
"date": "2021-09-27T14:36:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:3234-1",
"initial_release_date": "2021-09-27T14:36:34Z",
"revision_history": [
{
"date": "2021-09-27T14:36:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-Pillow-4.2.1-3.20.2.aarch64",
"product": {
"name": "python-Pillow-4.2.1-3.20.2.aarch64",
"product_id": "python-Pillow-4.2.1-3.20.2.aarch64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-4.2.1-3.20.2.aarch64",
"product": {
"name": "python3-Pillow-4.2.1-3.20.2.aarch64",
"product_id": "python3-Pillow-4.2.1-3.20.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-Pillow-4.2.1-3.20.2.ppc64le",
"product": {
"name": "python-Pillow-4.2.1-3.20.2.ppc64le",
"product_id": "python-Pillow-4.2.1-3.20.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-Pillow-4.2.1-3.20.2.ppc64le",
"product": {
"name": "python3-Pillow-4.2.1-3.20.2.ppc64le",
"product_id": "python3-Pillow-4.2.1-3.20.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-Pillow-4.2.1-3.20.2.s390x",
"product": {
"name": "python-Pillow-4.2.1-3.20.2.s390x",
"product_id": "python-Pillow-4.2.1-3.20.2.s390x"
}
},
{
"category": "product_version",
"name": "python3-Pillow-4.2.1-3.20.2.s390x",
"product": {
"name": "python3-Pillow-4.2.1-3.20.2.s390x",
"product_id": "python3-Pillow-4.2.1-3.20.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-Pillow-4.2.1-3.20.2.x86_64",
"product": {
"name": "python-Pillow-4.2.1-3.20.2.x86_64",
"product_id": "python-Pillow-4.2.1-3.20.2.x86_64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-4.2.1-3.20.2.x86_64",
"product": {
"name": "python3-Pillow-4.2.1-3.20.2.x86_64",
"product_id": "python3-Pillow-4.2.1-3.20.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-4.2.1-3.20.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python-Pillow-4.2.1-3.20.2.x86_64"
},
"product_reference": "python-Pillow-4.2.1-3.20.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-4.2.1-3.20.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.20.2.x86_64"
},
"product_reference": "python-Pillow-4.2.1-3.20.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-4.2.1-3.20.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.20.2.x86_64"
},
"product_reference": "python-Pillow-4.2.1-3.20.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23437"
}
],
"notes": [
{
"category": "general",
"text": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:python-Pillow-4.2.1-3.20.2.x86_64",
"SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.20.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23437",
"url": "https://www.suse.com/security/cve/CVE-2021-23437"
},
{
"category": "external",
"summary": "SUSE Bug 1190229 for CVE-2021-23437",
"url": "https://bugzilla.suse.com/1190229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:python-Pillow-4.2.1-3.20.2.x86_64",
"SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.20.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:python-Pillow-4.2.1-3.20.2.x86_64",
"SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.20.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-27T14:36:34Z",
"details": "important"
}
],
"title": "CVE-2021-23437"
}
]
}
SUSE-SU-2021:3235-1
Vulnerability from csaf_suse - Published: 2021-09-27 14:36 - Updated: 2021-09-27 14:36Summary
Security update for python-Pillow
Severity
Important
Notes
Title of the patch: Security update for python-Pillow
Description of the patch: This update for python-Pillow fixes the following issues:
- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).
Patchnames: SUSE-2021-3235,SUSE-OpenStack-Cloud-9-2021-3235,SUSE-OpenStack-Cloud-Crowbar-9-2021-3235
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Pillow",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Pillow fixes the following issues:\n\n- CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-3235,SUSE-OpenStack-Cloud-9-2021-3235,SUSE-OpenStack-Cloud-Crowbar-9-2021-3235",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3235-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:3235-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213235-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:3235-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009514.html"
},
{
"category": "self",
"summary": "SUSE Bug 1190229",
"url": "https://bugzilla.suse.com/1190229"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23437 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23437/"
}
],
"title": "Security update for python-Pillow",
"tracking": {
"current_release_date": "2021-09-27T14:36:47Z",
"generator": {
"date": "2021-09-27T14:36:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:3235-1",
"initial_release_date": "2021-09-27T14:36:47Z",
"revision_history": [
{
"date": "2021-09-27T14:36:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.14.1.aarch64",
"product": {
"name": "python-Pillow-5.2.0-3.14.1.aarch64",
"product_id": "python-Pillow-5.2.0-3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.14.1.aarch64",
"product": {
"name": "python3-Pillow-5.2.0-3.14.1.aarch64",
"product_id": "python3-Pillow-5.2.0-3.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.14.1.ppc64le",
"product": {
"name": "python-Pillow-5.2.0-3.14.1.ppc64le",
"product_id": "python-Pillow-5.2.0-3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.14.1.ppc64le",
"product": {
"name": "python3-Pillow-5.2.0-3.14.1.ppc64le",
"product_id": "python3-Pillow-5.2.0-3.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.14.1.s390x",
"product": {
"name": "python-Pillow-5.2.0-3.14.1.s390x",
"product_id": "python-Pillow-5.2.0-3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.14.1.s390x",
"product": {
"name": "python3-Pillow-5.2.0-3.14.1.s390x",
"product_id": "python3-Pillow-5.2.0-3.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-Pillow-5.2.0-3.14.1.x86_64",
"product": {
"name": "python-Pillow-5.2.0-3.14.1.x86_64",
"product_id": "python-Pillow-5.2.0-3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-5.2.0-3.14.1.x86_64",
"product": {
"name": "python3-Pillow-5.2.0-3.14.1.x86_64",
"product_id": "python3-Pillow-5.2.0-3.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-5.2.0-3.14.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.14.1.x86_64"
},
"product_reference": "python-Pillow-5.2.0-3.14.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Pillow-5.2.0-3.14.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.14.1.x86_64"
},
"product_reference": "python-Pillow-5.2.0-3.14.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23437"
}
],
"notes": [
{
"category": "general",
"text": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.14.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23437",
"url": "https://www.suse.com/security/cve/CVE-2021-23437"
},
{
"category": "external",
"summary": "SUSE Bug 1190229 for CVE-2021-23437",
"url": "https://bugzilla.suse.com/1190229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.14.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.14.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-27T14:36:47Z",
"details": "important"
}
],
"title": "CVE-2021-23437"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…