Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-54059 (GCVE-0-2026-54059)
Vulnerability from cvelistv5 – Published: 2026-07-06 18:46 – Updated: 2026-07-07 16:57- CWE-789 - Memory Allocation with Excessive Size Value
| URL | Tags |
|---|---|
| https://github.com/python-pillow/Pillow/security/… | x_refsource_CONFIRM |
| https://github.com/python-pillow/Pillow/commit/0a… | x_refsource_MISC |
| https://github.com/python-pillow/Pillow/blob/main… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| python-pillow | Pillow |
Affected:
< 12.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54059",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T16:44:18.151665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T16:57:53.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pillow",
"vendor": "python-pillow",
"versions": [
{
"status": "affected",
"version": "\u003c 12.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T18:47:07.748Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
},
{
"name": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
}
],
"source": {
"advisory": "GHSA-8v84-f9pq-wr9x",
"discovery": "UNKNOWN"
},
"title": "Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` \u2014 bomb protection bypass via PCF font loading"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54059",
"datePublished": "2026-07-06T18:46:09.433Z",
"dateReserved": "2026-06-11T18:24:35.096Z",
"dateUpdated": "2026-07-07T16:57:53.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-54059",
"date": "2026-07-14",
"epss": "0.00354",
"percentile": "0.27509"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-54059\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-07-06T19:17:08.127\",\"lastModified\":\"2026-07-07T18:58:26.730\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"python-pillow\",\"product\":\"Pillow\",\"versions\":[{\"version\":\"\u003c 12.3.0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-07T16:44:18.151665Z\",\"id\":\"CVE-2026-54059\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-789\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.3.0\",\"matchCriteriaId\":\"6372231F-529B-45CD-978E-3F2AEFF5F95C\"}]}]}],\"references\":[{\"url\":\"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-14T10:53:27+00:00",
"cve": "CVE-2026-54059",
"id": "CVE-2026-54059",
"initial_release_date": "2026-07-06T18:46:09.433000+00:00",
"product_status:fixed": "52",
"product_status:known_affected": "10",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "python-pillow: Pillow: Denial of Service via crafted PCF font data",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54059.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` \\u2014 bomb protection bypass via PCF font loading\", \"source\": {\"advisory\": \"GHSA-8v84-f9pq-wr9x\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"python-pillow\", \"product\": \"Pillow\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 12.3.0\"}]}], \"references\": [{\"url\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x\", \"name\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d\", \"name\": \"https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst\", \"name\": \"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-789\", \"description\": \"CWE-789: Memory Allocation with Excessive Size Value\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-07-06T18:47:07.748Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-54059\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-07T16:44:18.151665Z\"}}}], \"references\": [{\"url\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-07-07T16:44:30.369Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-54059\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-06T18:47:07.748Z\", \"dateReserved\": \"2026-06-11T18:24:35.096Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-07-06T18:46:09.433Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2026:39127
Vulnerability from osv_almalinux
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python-pillow: Pillow: Denial of Service via crafted BDF font file (CVE-2026-55379)
- python-pillow: Pillow: Denial of Service via crafted GD 2.x image file (CVE-2026-55380)
- python-pillow: Pillow: Denial of Service via crafted PCF font data (CVE-2026-54059)
- python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files (CVE-2026-54060)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-pillow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.1-22.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-pillow-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.1-22.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-pillow-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.1-22.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-pillow-tk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.1-22.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es): \n\n * python-pillow: Pillow: Denial of Service via crafted BDF font file (CVE-2026-55379)\n * python-pillow: Pillow: Denial of Service via crafted GD 2.x image file (CVE-2026-55380)\n * python-pillow: Pillow: Denial of Service via crafted PCF font data (CVE-2026-54059)\n * python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files (CVE-2026-54060)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:39127",
"modified": "2026-07-14T10:11:15Z",
"published": "2026-07-14T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-54059"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-54060"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-55379"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-55380"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2497452"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2497455"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2497464"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2497466"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-39127.html"
}
],
"related": [
"CVE-2026-55379",
"CVE-2026-55380",
"CVE-2026-54059",
"CVE-2026-54060"
],
"summary": "Important: python-pillow security update"
}
bit-pillow-2026-54059
Vulnerability from bitnami_vulndb
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "pillow",
"purl": "pkg:bitnami/pillow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3.0"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2026-54059"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.",
"id": "BIT-pillow-2026-54059",
"modified": "2026-07-08T11:55:33.732Z",
"published": "2026-07-08T11:34:09.383Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54059"
}
],
"schema_version": "1.6.2",
"summary": "Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` \u2014 bomb protection bypass via PCF font loading"
}
FKIE_CVE-2026-54059
Vulnerability from fkie_nvd - Published: 2026-07-06 19:17 - Updated: 2026-07-07 18:58| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst | Release Notes | |
| security-advisories@github.com | https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d | Patch | |
| security-advisories@github.com | https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x | Exploit, Vendor Advisory |
{
"affected": [
{
"affectedData": [
{
"product": "Pillow",
"vendor": "python-pillow",
"versions": [
{
"status": "affected",
"version": "\u003c 12.3.0"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6372231F-529B-45CD-978E-3F2AEFF5F95C",
"versionEndExcluding": "12.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0."
}
],
"id": "CVE-2026-54059",
"lastModified": "2026-07-07T18:58:26.730",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-54059",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T16:44:18.151665Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-07-06T19:17:08.127",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2026:11261-1
Vulnerability from csaf_opensuse - Published: 2026-07-12 00:00 - Updated: 2026-07-12 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2014-3589/ | self |
| https://www.suse.com/security/cve/CVE-2014-3598/ | self |
| https://www.suse.com/security/cve/CVE-2016-0740/ | self |
| https://www.suse.com/security/cve/CVE-2016-0775/ | self |
| https://www.suse.com/security/cve/CVE-2016-3076/ | self |
| https://www.suse.com/security/cve/CVE-2020-15999/ | self |
| https://www.suse.com/security/cve/CVE-2020-35653/ | self |
| https://www.suse.com/security/cve/CVE-2020-35654/ | self |
| https://www.suse.com/security/cve/CVE-2020-35655/ | self |
| https://www.suse.com/security/cve/CVE-2021-23437/ | self |
| https://www.suse.com/security/cve/CVE-2021-25289/ | self |
| https://www.suse.com/security/cve/CVE-2021-25290/ | self |
| https://www.suse.com/security/cve/CVE-2021-25291/ | self |
| https://www.suse.com/security/cve/CVE-2021-25292/ | self |
| https://www.suse.com/security/cve/CVE-2021-25293/ | self |
| https://www.suse.com/security/cve/CVE-2021-27921/ | self |
| https://www.suse.com/security/cve/CVE-2021-34552/ | self |
| https://www.suse.com/security/cve/CVE-2023-44271/ | self |
| https://www.suse.com/security/cve/CVE-2023-50447/ | self |
| https://www.suse.com/security/cve/CVE-2024-28219/ | self |
| https://www.suse.com/security/cve/CVE-2026-42311/ | self |
| https://www.suse.com/security/cve/CVE-2026-4775/ | self |
| https://www.suse.com/security/cve/CVE-2026-54059/ | self |
| https://www.suse.com/security/cve/CVE-2026-55379/ | self |
| https://www.suse.com/security/cve/CVE-2014-3589 | external |
| https://bugzilla.suse.com/921566 | external |
| https://www.suse.com/security/cve/CVE-2014-3598 | external |
| https://bugzilla.suse.com/921566 | external |
| https://www.suse.com/security/cve/CVE-2016-0740 | external |
| https://bugzilla.suse.com/965579 | external |
| https://bugzilla.suse.com/965582 | external |
| https://www.suse.com/security/cve/CVE-2016-0775 | external |
| https://bugzilla.suse.com/965579 | external |
| https://bugzilla.suse.com/965582 | external |
| https://www.suse.com/security/cve/CVE-2016-3076 | external |
| https://bugzilla.suse.com/973786 | external |
| https://www.suse.com/security/cve/CVE-2020-15999 | external |
| https://bugzilla.suse.com/1177914 | external |
| https://bugzilla.suse.com/1177936 | external |
| https://bugzilla.suse.com/1178824 | external |
| https://bugzilla.suse.com/1178894 | external |
| https://www.suse.com/security/cve/CVE-2020-35653 | external |
| https://bugzilla.suse.com/1180834 | external |
| https://www.suse.com/security/cve/CVE-2020-35654 | external |
| https://bugzilla.suse.com/1180833 | external |
| https://bugzilla.suse.com/1183103 | external |
| https://www.suse.com/security/cve/CVE-2020-35655 | external |
| https://bugzilla.suse.com/1180832 | external |
| https://www.suse.com/security/cve/CVE-2021-23437 | external |
| https://bugzilla.suse.com/1190229 | external |
| https://www.suse.com/security/cve/CVE-2021-25289 | external |
| https://bugzilla.suse.com/1183103 | external |
| https://www.suse.com/security/cve/CVE-2021-25290 | external |
| https://bugzilla.suse.com/1183105 | external |
| https://www.suse.com/security/cve/CVE-2021-25291 | external |
| https://bugzilla.suse.com/1183106 | external |
| https://www.suse.com/security/cve/CVE-2021-25292 | external |
| https://bugzilla.suse.com/1183101 | external |
| https://www.suse.com/security/cve/CVE-2021-25293 | external |
| https://bugzilla.suse.com/1183102 | external |
| https://www.suse.com/security/cve/CVE-2021-27921 | external |
| https://bugzilla.suse.com/1183110 | external |
| https://www.suse.com/security/cve/CVE-2021-34552 | external |
| https://bugzilla.suse.com/1188574 | external |
| https://www.suse.com/security/cve/CVE-2023-44271 | external |
| https://bugzilla.suse.com/1216894 | external |
| https://www.suse.com/security/cve/CVE-2023-50447 | external |
| https://bugzilla.suse.com/1219048 | external |
| https://www.suse.com/security/cve/CVE-2024-28219 | external |
| https://bugzilla.suse.com/1222262 | external |
| https://www.suse.com/security/cve/CVE-2026-42311 | external |
| https://bugzilla.suse.com/1270404 | external |
| https://www.suse.com/security/cve/CVE-2026-4775 | external |
| https://bugzilla.suse.com/1260411 | external |
| https://www.suse.com/security/cve/CVE-2026-54059 | external |
| https://bugzilla.suse.com/1270409 | external |
| https://www.suse.com/security/cve/CVE-2026-55379 | external |
| https://bugzilla.suse.com/1270411 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python313-Pillow-12.3.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python313-Pillow-12.3.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11261",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11261-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-3589 page",
"url": "https://www.suse.com/security/cve/CVE-2014-3589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-3598 page",
"url": "https://www.suse.com/security/cve/CVE-2014-3598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0740 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0775 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3076 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15999 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35653 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35654 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35655 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35655/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23437 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25289 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25290 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25291 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25292 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25293 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27921 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34552 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44271 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-50447 page",
"url": "https://www.suse.com/security/cve/CVE-2023-50447/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28219 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42311 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4775 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54059 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-55379 page",
"url": "https://www.suse.com/security/cve/CVE-2026-55379/"
}
],
"title": "python313-Pillow-12.3.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-07-12T00:00:00Z",
"generator": {
"date": "2026-07-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11261-1",
"initial_release_date": "2026-07-12T00:00:00Z",
"revision_history": [
{
"date": "2026-07-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-Pillow-12.3.0-1.1.aarch64",
"product": {
"name": "python313-Pillow-12.3.0-1.1.aarch64",
"product_id": "python313-Pillow-12.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-Pillow-tk-12.3.0-1.1.aarch64",
"product": {
"name": "python313-Pillow-tk-12.3.0-1.1.aarch64",
"product_id": "python313-Pillow-tk-12.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-Pillow-12.3.0-1.1.aarch64",
"product": {
"name": "python314-Pillow-12.3.0-1.1.aarch64",
"product_id": "python314-Pillow-12.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-Pillow-tk-12.3.0-1.1.aarch64",
"product": {
"name": "python314-Pillow-tk-12.3.0-1.1.aarch64",
"product_id": "python314-Pillow-tk-12.3.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-Pillow-12.3.0-1.1.ppc64le",
"product": {
"name": "python313-Pillow-12.3.0-1.1.ppc64le",
"product_id": "python313-Pillow-12.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-Pillow-tk-12.3.0-1.1.ppc64le",
"product": {
"name": "python313-Pillow-tk-12.3.0-1.1.ppc64le",
"product_id": "python313-Pillow-tk-12.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-Pillow-12.3.0-1.1.ppc64le",
"product": {
"name": "python314-Pillow-12.3.0-1.1.ppc64le",
"product_id": "python314-Pillow-12.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-Pillow-tk-12.3.0-1.1.ppc64le",
"product": {
"name": "python314-Pillow-tk-12.3.0-1.1.ppc64le",
"product_id": "python314-Pillow-tk-12.3.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-Pillow-12.3.0-1.1.s390x",
"product": {
"name": "python313-Pillow-12.3.0-1.1.s390x",
"product_id": "python313-Pillow-12.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-Pillow-tk-12.3.0-1.1.s390x",
"product": {
"name": "python313-Pillow-tk-12.3.0-1.1.s390x",
"product_id": "python313-Pillow-tk-12.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-Pillow-12.3.0-1.1.s390x",
"product": {
"name": "python314-Pillow-12.3.0-1.1.s390x",
"product_id": "python314-Pillow-12.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-Pillow-tk-12.3.0-1.1.s390x",
"product": {
"name": "python314-Pillow-tk-12.3.0-1.1.s390x",
"product_id": "python314-Pillow-tk-12.3.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-Pillow-12.3.0-1.1.x86_64",
"product": {
"name": "python313-Pillow-12.3.0-1.1.x86_64",
"product_id": "python313-Pillow-12.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-Pillow-tk-12.3.0-1.1.x86_64",
"product": {
"name": "python313-Pillow-tk-12.3.0-1.1.x86_64",
"product_id": "python313-Pillow-tk-12.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-Pillow-12.3.0-1.1.x86_64",
"product": {
"name": "python314-Pillow-12.3.0-1.1.x86_64",
"product_id": "python314-Pillow-12.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-Pillow-tk-12.3.0-1.1.x86_64",
"product": {
"name": "python314-Pillow-tk-12.3.0-1.1.x86_64",
"product_id": "python314-Pillow-tk-12.3.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-12.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64"
},
"product_reference": "python313-Pillow-12.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-12.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le"
},
"product_reference": "python313-Pillow-12.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-12.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x"
},
"product_reference": "python313-Pillow-12.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-12.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64"
},
"product_reference": "python313-Pillow-12.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-tk-12.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64"
},
"product_reference": "python313-Pillow-tk-12.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-tk-12.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le"
},
"product_reference": "python313-Pillow-tk-12.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-tk-12.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x"
},
"product_reference": "python313-Pillow-tk-12.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-tk-12.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64"
},
"product_reference": "python313-Pillow-tk-12.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Pillow-12.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64"
},
"product_reference": "python314-Pillow-12.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Pillow-12.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le"
},
"product_reference": "python314-Pillow-12.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Pillow-12.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x"
},
"product_reference": "python314-Pillow-12.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Pillow-12.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64"
},
"product_reference": "python314-Pillow-12.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Pillow-tk-12.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64"
},
"product_reference": "python314-Pillow-tk-12.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Pillow-tk-12.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le"
},
"product_reference": "python314-Pillow-tk-12.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Pillow-tk-12.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x"
},
"product_reference": "python314-Pillow-tk-12.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-Pillow-tk-12.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
},
"product_reference": "python314-Pillow-tk-12.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-3589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-3589"
}
],
"notes": [
{
"category": "general",
"text": "PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-3589",
"url": "https://www.suse.com/security/cve/CVE-2014-3589"
},
{
"category": "external",
"summary": "SUSE Bug 921566 for CVE-2014-3589",
"url": "https://bugzilla.suse.com/921566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-3589"
},
{
"cve": "CVE-2014-3598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-3598"
}
],
"notes": [
{
"category": "general",
"text": "The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-3598",
"url": "https://www.suse.com/security/cve/CVE-2014-3598"
},
{
"category": "external",
"summary": "SUSE Bug 921566 for CVE-2014-3598",
"url": "https://bugzilla.suse.com/921566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-3598"
},
{
"cve": "CVE-2016-0740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0740"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0740",
"url": "https://www.suse.com/security/cve/CVE-2016-0740"
},
{
"category": "external",
"summary": "SUSE Bug 965579 for CVE-2016-0740",
"url": "https://bugzilla.suse.com/965579"
},
{
"category": "external",
"summary": "SUSE Bug 965582 for CVE-2016-0740",
"url": "https://bugzilla.suse.com/965582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-0740"
},
{
"cve": "CVE-2016-0775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0775"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0775",
"url": "https://www.suse.com/security/cve/CVE-2016-0775"
},
{
"category": "external",
"summary": "SUSE Bug 965579 for CVE-2016-0775",
"url": "https://bugzilla.suse.com/965579"
},
{
"category": "external",
"summary": "SUSE Bug 965582 for CVE-2016-0775",
"url": "https://bugzilla.suse.com/965582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-0775"
},
{
"cve": "CVE-2016-3076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3076"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3076",
"url": "https://www.suse.com/security/cve/CVE-2016-3076"
},
{
"category": "external",
"summary": "SUSE Bug 973786 for CVE-2016-3076",
"url": "https://bugzilla.suse.com/973786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-3076"
},
{
"cve": "CVE-2020-15999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15999"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15999",
"url": "https://www.suse.com/security/cve/CVE-2020-15999"
},
{
"category": "external",
"summary": "SUSE Bug 1177914 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177914"
},
{
"category": "external",
"summary": "SUSE Bug 1177936 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177936"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15999"
},
{
"cve": "CVE-2020-35653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35653"
}
],
"notes": [
{
"category": "general",
"text": "In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35653",
"url": "https://www.suse.com/security/cve/CVE-2020-35653"
},
{
"category": "external",
"summary": "SUSE Bug 1180834 for CVE-2020-35653",
"url": "https://bugzilla.suse.com/1180834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35653"
},
{
"cve": "CVE-2020-35654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35654"
}
],
"notes": [
{
"category": "general",
"text": "In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35654",
"url": "https://www.suse.com/security/cve/CVE-2020-35654"
},
{
"category": "external",
"summary": "SUSE Bug 1180833 for CVE-2020-35654",
"url": "https://bugzilla.suse.com/1180833"
},
{
"category": "external",
"summary": "SUSE Bug 1183103 for CVE-2020-35654",
"url": "https://bugzilla.suse.com/1183103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35654"
},
{
"cve": "CVE-2020-35655",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35655"
}
],
"notes": [
{
"category": "general",
"text": "In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35655",
"url": "https://www.suse.com/security/cve/CVE-2020-35655"
},
{
"category": "external",
"summary": "SUSE Bug 1180832 for CVE-2020-35655",
"url": "https://bugzilla.suse.com/1180832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35655"
},
{
"cve": "CVE-2021-23437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23437"
}
],
"notes": [
{
"category": "general",
"text": "The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23437",
"url": "https://www.suse.com/security/cve/CVE-2021-23437"
},
{
"category": "external",
"summary": "SUSE Bug 1190229 for CVE-2021-23437",
"url": "https://bugzilla.suse.com/1190229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23437"
},
{
"cve": "CVE-2021-25289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25289"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25289",
"url": "https://www.suse.com/security/cve/CVE-2021-25289"
},
{
"category": "external",
"summary": "SUSE Bug 1183103 for CVE-2021-25289",
"url": "https://bugzilla.suse.com/1183103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2021-25289"
},
{
"cve": "CVE-2021-25290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25290"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25290",
"url": "https://www.suse.com/security/cve/CVE-2021-25290"
},
{
"category": "external",
"summary": "SUSE Bug 1183105 for CVE-2021-25290",
"url": "https://bugzilla.suse.com/1183105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25290"
},
{
"cve": "CVE-2021-25291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25291"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25291",
"url": "https://www.suse.com/security/cve/CVE-2021-25291"
},
{
"category": "external",
"summary": "SUSE Bug 1183106 for CVE-2021-25291",
"url": "https://bugzilla.suse.com/1183106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25291"
},
{
"cve": "CVE-2021-25292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25292"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25292",
"url": "https://www.suse.com/security/cve/CVE-2021-25292"
},
{
"category": "external",
"summary": "SUSE Bug 1183101 for CVE-2021-25292",
"url": "https://bugzilla.suse.com/1183101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25292"
},
{
"cve": "CVE-2021-25293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25293"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25293",
"url": "https://www.suse.com/security/cve/CVE-2021-25293"
},
{
"category": "external",
"summary": "SUSE Bug 1183102 for CVE-2021-25293",
"url": "https://bugzilla.suse.com/1183102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-25293"
},
{
"cve": "CVE-2021-27921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27921"
}
],
"notes": [
{
"category": "general",
"text": "Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27921",
"url": "https://www.suse.com/security/cve/CVE-2021-27921"
},
{
"category": "external",
"summary": "SUSE Bug 1183110 for CVE-2021-27921",
"url": "https://bugzilla.suse.com/1183110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27921"
},
{
"cve": "CVE-2021-34552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34552"
}
],
"notes": [
{
"category": "general",
"text": "Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34552",
"url": "https://www.suse.com/security/cve/CVE-2021-34552"
},
{
"category": "external",
"summary": "SUSE Bug 1188574 for CVE-2021-34552",
"url": "https://bugzilla.suse.com/1188574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-34552"
},
{
"cve": "CVE-2023-44271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44271"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44271",
"url": "https://www.suse.com/security/cve/CVE-2023-44271"
},
{
"category": "external",
"summary": "SUSE Bug 1216894 for CVE-2023-44271",
"url": "https://bugzilla.suse.com/1216894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-44271"
},
{
"cve": "CVE-2023-50447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-50447"
}
],
"notes": [
{
"category": "general",
"text": "Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-50447",
"url": "https://www.suse.com/security/cve/CVE-2023-50447"
},
{
"category": "external",
"summary": "SUSE Bug 1219048 for CVE-2023-50447",
"url": "https://bugzilla.suse.com/1219048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-50447"
},
{
"cve": "CVE-2024-28219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28219"
}
],
"notes": [
{
"category": "general",
"text": "In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28219",
"url": "https://www.suse.com/security/cve/CVE-2024-28219"
},
{
"category": "external",
"summary": "SUSE Bug 1222262 for CVE-2024-28219",
"url": "https://bugzilla.suse.com/1222262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-28219"
},
{
"cve": "CVE-2026-42311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42311"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42311",
"url": "https://www.suse.com/security/cve/CVE-2026-42311"
},
{
"category": "external",
"summary": "SUSE Bug 1270404 for CVE-2026-42311",
"url": "https://bugzilla.suse.com/1270404"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42311"
},
{
"cve": "CVE-2026-4775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4775"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4775",
"url": "https://www.suse.com/security/cve/CVE-2026-4775"
},
{
"category": "external",
"summary": "SUSE Bug 1260411 for CVE-2026-4775",
"url": "https://bugzilla.suse.com/1260411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-4775"
},
{
"cve": "CVE-2026-54059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54059"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54059",
"url": "https://www.suse.com/security/cve/CVE-2026-54059"
},
{
"category": "external",
"summary": "SUSE Bug 1270409 for CVE-2026-54059",
"url": "https://bugzilla.suse.com/1270409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-54059"
},
{
"cve": "CVE-2026-55379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-55379"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow\u0027s documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-55379",
"url": "https://www.suse.com/security/cve/CVE-2026-55379"
},
{
"category": "external",
"summary": "SUSE Bug 1270411 for CVE-2026-55379",
"url": "https://bugzilla.suse.com/1270411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-12.3.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.s390x",
"openSUSE Tumbleweed:python314-Pillow-tk-12.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-55379"
}
]
}
PYSEC-2026-2253
Vulnerability from pysec - Published: 2026-07-06 19:17 - Updated: 2026-07-13 05:50Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.
| Name | purl | pillow | pkg:pypi/pillow |
|---|
{
"affected": [
{
"ecosystem_specific": {},
"package": {
"ecosystem": "PyPI",
"name": "pillow",
"purl": "pkg:pypi/pillow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6",
"1.7.0",
"1.7.1",
"1.7.2",
"1.7.3",
"1.7.4",
"1.7.5",
"1.7.6",
"1.7.7",
"1.7.8",
"10.0.0",
"10.0.1",
"10.1.0",
"10.2.0",
"10.3.0",
"10.4.0",
"11.0.0",
"11.1.0",
"11.2.1",
"11.3.0",
"12.0.0",
"12.1.0",
"12.1.1",
"12.2.0",
"2.0.0",
"2.1.0",
"2.2.0",
"2.2.1",
"2.2.2",
"2.3.0",
"2.3.1",
"2.3.2",
"2.4.0",
"2.5.0",
"2.5.1",
"2.5.2",
"2.5.3",
"2.6.0",
"2.6.1",
"2.6.2",
"2.7.0",
"2.8.0",
"2.8.1",
"2.8.2",
"2.9.0",
"3.0.0",
"3.1.0",
"3.1.0.rc1",
"3.1.0rc1",
"3.1.1",
"3.1.2",
"3.2.0",
"3.3.0",
"3.3.1",
"3.3.2",
"3.3.3",
"3.4.0",
"3.4.1",
"3.4.2",
"4.0.0",
"4.1.0",
"4.1.1",
"4.2.0",
"4.2.1",
"4.3.0",
"5.0.0",
"5.1.0",
"5.2.0",
"5.3.0",
"5.4.0",
"5.4.0.dev0",
"5.4.1",
"6.0.0",
"6.1.0",
"6.2.0",
"6.2.1",
"6.2.2",
"7.0.0",
"7.1.0",
"7.1.1",
"7.1.2",
"7.2.0",
"8.0.0",
"8.0.1",
"8.1.0",
"8.1.1",
"8.1.2",
"8.2.0",
"8.3.0",
"8.3.1",
"8.3.2",
"8.4.0",
"9.0.0",
"9.0.1",
"9.1.0",
"9.1.1",
"9.2.0",
"9.3.0",
"9.4.0",
"9.5.0"
]
}
],
"aliases": [
"CVE-2026-54059",
"GHSA-8v84-f9pq-wr9x"
],
"details": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.",
"id": "PYSEC-2026-2253",
"modified": "2026-07-13T05:50:45.831861Z",
"published": "2026-07-06T19:17:08.127Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"type": "FIX",
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"type": "EVIDENCE",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
RHSA-2026:39127
Vulnerability from csaf_redhat - Published: 2026-07-14 08:59 - Updated: 2026-07-14 16:17A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing specially crafted PCF font data. This data, when processed, can lead to excessive memory allocation because the library does not properly check for decompression bombs. The primary consequence is a Denial of Service (DoS), which could make the affected system or application unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Pillow, a Python imaging library. When processing a specially crafted font file, the library's font compilation function does not adequately check for excessive memory allocation. This oversight allows a remote attacker to trigger an unreasonable consumption of system memory, leading to a denial of service (DoS) for the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical security check designed to prevent excessive memory usage. This oversight can lead to the system consuming an unreasonable amount of memory, making it unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing a specially crafted GD 2.x image file. The GdImageFile._open() function reads image dimensions without proper validation, leading to excessive memory allocation. This can result in a Denial of Service (DoS) due to C-heap exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:39127 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497452 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497455 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497464 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497466 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-54059 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497464 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-54059 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-54059 | external |
| https://github.com/python-pillow/Pillow/blob/main… | external |
| https://github.com/python-pillow/Pillow/commit/0a… | external |
| https://github.com/python-pillow/Pillow/security/… | external |
| https://access.redhat.com/security/cve/CVE-2026-54060 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497466 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-54060 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-54060 | external |
| https://github.com/python-pillow/Pillow/security/… | external |
| https://access.redhat.com/security/cve/CVE-2026-55379 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497452 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-55379 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-55379 | external |
| https://github.com/python-pillow/Pillow/security/… | external |
| https://access.redhat.com/security/cve/CVE-2026-55380 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497455 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-55380 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-55380 | external |
| https://github.com/python-pillow/Pillow/commit/f3… | external |
| https://github.com/python-pillow/Pillow/security/… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-pillow is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python-pillow: Pillow: Denial of Service via crafted BDF font file (CVE-2026-55379)\n\n* python-pillow: Pillow: Denial of Service via crafted GD 2.x image file (CVE-2026-55380)\n\n* python-pillow: Pillow: Denial of Service via crafted PCF font data (CVE-2026-54059)\n\n* python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files (CVE-2026-54060)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:39127",
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2497452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497452"
},
{
"category": "external",
"summary": "2497455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497455"
},
{
"category": "external",
"summary": "2497464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497464"
},
{
"category": "external",
"summary": "2497466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497466"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_39127.json"
}
],
"title": "Red Hat Security Advisory: python-pillow security update",
"tracking": {
"current_release_date": "2026-07-14T16:17:36+00:00",
"generator": {
"date": "2026-07-14T16:17:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:39127",
"initial_release_date": "2026-07-14T08:59:16+00:00",
"revision_history": [
{
"date": "2026-07-14T08:59:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-14T08:59:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T16:17:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pillow-0:5.1.1-22.el8_10.src",
"product": {
"name": "python-pillow-0:5.1.1-22.el8_10.src",
"product_id": "python-pillow-0:5.1.1-22.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow@5.1.1-22.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk@5.1.1-22.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk@5.1.1-22.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk@5.1.1-22.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk@5.1.1-22.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.i686",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"product": {
"name": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"product_id": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-doc@5.1.1-22.el8_10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-0:5.1.1-22.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src"
},
"product_reference": "python-pillow-0:5.1.1-22.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch"
},
"product_reference": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-54059",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-07-06T20:02:21.640821+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2497464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing specially crafted PCF font data. This data, when processed, can lead to excessive memory allocation because the library does not properly check for decompression bombs. The primary consequence is a Denial of Service (DoS), which could make the affected system or application unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Pillow: Denial of Service via crafted PCF font data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the Python Pillow library. The PcfFontFile._load_bitmaps() method reads glyph dimensions from the PCF METRICS section and passes them directly to Image.frombytes() without calling Image._decompression_bomb_check(). This allows crafted PCF font data to cause excessive memory allocation, leading to a denial of service condition. An attacker could exploit this by providing a specially crafted PCF font file to an application that uses Pillow\u0027s font loading functionality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54059"
},
{
"category": "external",
"summary": "RHBZ#2497464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54059"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
}
],
"release_date": "2026-07-06T18:46:09.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T08:59:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "workaround",
"details": "Do not load PCF fonts from untrusted sources. If PCF font loading is required, validate font file dimensions before passing them to Pillow, or upgrade to Pillow 12.3.0 or later which includes the fix for this vulnerability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: Pillow: Denial of Service via crafted PCF font data"
},
{
"cve": "CVE-2026-54060",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-07-06T20:02:29.509113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2497466"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. When processing a specially crafted font file, the library\u0027s font compilation function does not adequately check for excessive memory allocation. This oversight allows a remote attacker to trigger an unreasonable consumption of system memory, leading to a denial of service (DoS) for the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Pillow prior to version 12.3.0. The FontFile.compile() method in PIL/FontFile.py assembles per-glyph images into a combined bitmap using Image.new() without calling Image._decompression_bomb_check(). This allows a specially crafted font file to trigger excessive memory allocation during conversion or saving, leading to denial of service via resource exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54060"
},
{
"category": "external",
"summary": "RHBZ#2497466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497466"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54060",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54060"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2"
}
],
"release_date": "2026-07-06T18:49:23.788000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T08:59:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "workaround",
"details": "Avoid loading untrusted font files with Pillow. If processing font files from untrusted sources is required, implement application-level resource limits (e.g., cgroups, ulimit) to restrict memory allocation per process. Upgrading to Pillow 12.3.0 or later resolves this issue.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files"
},
{
"cve": "CVE-2026-55379",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-07-06T20:01:29.922515+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2497452"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing a specially crafted BDF font file. The library\u0027s image processing function fails to properly validate dimensions from the font file, bypassing a critical security check designed to prevent excessive memory usage. This oversight can lead to the system consuming an unreasonable amount of memory, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Pillow: Denial of Service via crafted BDF font file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the Pillow Python imaging library. The BDF font file parser passes attacker-controlled dimensions to Image.new() without decompression bomb validation, allowing excessive memory allocation and denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55379"
},
{
"category": "external",
"summary": "RHBZ#2497452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497452"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55379",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55379"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc"
}
],
"release_date": "2026-07-06T18:52:11.633000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T08:59:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "workaround",
"details": "Do not load BDF font files from untrusted sources. Applications that only process standard image formats (PNG, JPEG, etc.) and do not use BdfFontFile or ImageFont.load() with BDF files are not affected.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: Pillow: Denial of Service via crafted BDF font file"
},
{
"cve": "CVE-2026-55380",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-07-06T20:01:42.245051+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2497455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing a specially crafted GD 2.x image file. The GdImageFile._open() function reads image dimensions without proper validation, leading to excessive memory allocation. This can result in a Denial of Service (DoS) due to C-heap exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Pillow: Denial of Service via crafted GD 2.x image file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A denial-of-service vulnerability was found in Pillow\u0027s GdImageFile plugin. The GdImageFile._open() function reads image dimensions from GD 2.x file headers and stores them without performing a decompression bomb check. A crafted .gd file of approximately 1 KB can trigger an unchecked 4.3 GB C-heap allocation, potentially crashing the process or exhausting memory on systems with insufficient resources. This issue is fixed in Pillow 12.3.0.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55380"
},
{
"category": "external",
"summary": "RHBZ#2497455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55380",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55380"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55380",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55380"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675",
"url": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
}
],
"release_date": "2026-07-06T18:50:14.789000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T08:59:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "workaround",
"details": "Avoid processing untrusted GD 2.x image files with PIL.GdImageFile.open(). Use Image.open() instead, which includes decompression bomb protections for supported formats. If GdImageFile must be used, validate the image dimensions before calling load(). Restricting accepted image formats at the application boundary to only those explicitly needed can reduce exposure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: Pillow: Denial of Service via crafted GD 2.x image file"
}
]
}
SUSE-SU-2026:2875-1
Vulnerability from csaf_suse - Published: 2026-07-13 09:12 - Updated: 2026-07-13 09:12| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-updates/2026… | self |
| https://bugzilla.suse.com/1270409 | self |
| https://bugzilla.suse.com/1270410 | self |
| https://bugzilla.suse.com/1270411 | self |
| https://bugzilla.suse.com/1270412 | self |
| https://www.suse.com/security/cve/CVE-2026-54059/ | self |
| https://www.suse.com/security/cve/CVE-2026-54060/ | self |
| https://www.suse.com/security/cve/CVE-2026-55379/ | self |
| https://www.suse.com/security/cve/CVE-2026-55380/ | self |
| https://www.suse.com/security/cve/CVE-2026-54059 | external |
| https://bugzilla.suse.com/1270409 | external |
| https://www.suse.com/security/cve/CVE-2026-54060 | external |
| https://bugzilla.suse.com/1270410 | external |
| https://www.suse.com/security/cve/CVE-2026-55379 | external |
| https://bugzilla.suse.com/1270411 | external |
| https://www.suse.com/security/cve/CVE-2026-55380 | external |
| https://bugzilla.suse.com/1270412 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Pillow",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Pillow fixes the following issues\n\n- CVE-2026-54059: crafted PCF font data can cause excessive memory allocation (bsc#1270409).\n- CVE-2026-54060: a font can trigger excessive allocation during conversion or saving (bsc#1270410).\n- CVE-2026-55379: bypass of decompression bomb protection, allowing excessive memory allocation (bsc#1270411).\n- CVE-2026-55380: crafted .gd file can trigger excessive C-heap allocation when loaded (bsc#1270412).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2875,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2875",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2875-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2875-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262875-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2875-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/048158.html"
},
{
"category": "self",
"summary": "SUSE Bug 1270409",
"url": "https://bugzilla.suse.com/1270409"
},
{
"category": "self",
"summary": "SUSE Bug 1270410",
"url": "https://bugzilla.suse.com/1270410"
},
{
"category": "self",
"summary": "SUSE Bug 1270411",
"url": "https://bugzilla.suse.com/1270411"
},
{
"category": "self",
"summary": "SUSE Bug 1270412",
"url": "https://bugzilla.suse.com/1270412"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54059 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54060 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-55379 page",
"url": "https://www.suse.com/security/cve/CVE-2026-55379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-55380 page",
"url": "https://www.suse.com/security/cve/CVE-2026-55380/"
}
],
"title": "Security update for python-Pillow",
"tracking": {
"current_release_date": "2026-07-13T09:12:43Z",
"generator": {
"date": "2026-07-13T09:12:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2875-1",
"initial_release_date": "2026-07-13T09:12:43Z",
"revision_history": [
{
"date": "2026-07-13T09:12:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.aarch64",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.aarch64",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.i586",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.i586",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.i586"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.i586",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.i586",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.ppc64le",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.ppc64le",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.s390x",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.s390x",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.s390x",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.s390x",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.x86_64",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.x86_64",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.x86_64",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.x86_64",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64"
},
"product_reference": "python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le"
},
"product_reference": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x"
},
"product_reference": "python3-Pillow-7.2.0-150300.3.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
},
"product_reference": "python3-Pillow-7.2.0-150300.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-54059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54059"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54059",
"url": "https://www.suse.com/security/cve/CVE-2026-54059"
},
{
"category": "external",
"summary": "SUSE Bug 1270409 for CVE-2026-54059",
"url": "https://bugzilla.suse.com/1270409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T09:12:43Z",
"details": "important"
}
],
"title": "CVE-2026-54059"
},
{
"cve": "CVE-2026-54060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54060"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new(\"1\", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54060",
"url": "https://www.suse.com/security/cve/CVE-2026-54060"
},
{
"category": "external",
"summary": "SUSE Bug 1270410 for CVE-2026-54060",
"url": "https://bugzilla.suse.com/1270410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T09:12:43Z",
"details": "important"
}
],
"title": "CVE-2026-54060"
},
{
"cve": "CVE-2026-55379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-55379"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow\u0027s documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-55379",
"url": "https://www.suse.com/security/cve/CVE-2026-55379"
},
{
"category": "external",
"summary": "SUSE Bug 1270411 for CVE-2026-55379",
"url": "https://bugzilla.suse.com/1270411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T09:12:43Z",
"details": "important"
}
],
"title": "CVE-2026-55379"
},
{
"cve": "CVE-2026-55380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-55380"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-55380",
"url": "https://www.suse.com/security/cve/CVE-2026-55380"
},
{
"category": "external",
"summary": "SUSE Bug 1270412 for CVE-2026-55380",
"url": "https://bugzilla.suse.com/1270412"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T09:12:43Z",
"details": "important"
}
],
"title": "CVE-2026-55380"
}
]
}
ubuntu-cve-2026-54059
Vulnerability from osv_ubuntu
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-imaging",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-imaging-compat",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-imaging-sane",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-imaging-tk",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-pil",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-pil.imagetk",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-sane",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-imaging",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-imaging-sane",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-imaging-tk",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-pil",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-sane",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@2.3.0-1ubuntu3.4+esm5?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.1-1ubuntu2",
"2.2.1-2ubuntu1",
"2.2.1-3ubuntu2",
"2.2.1-3ubuntu3",
"2.2.1-3ubuntu4",
"2.2.1-3ubuntu6",
"2.3.0-1ubuntu1",
"2.3.0-1ubuntu2",
"2.3.0-1ubuntu3",
"2.3.0-1ubuntu3.2",
"2.3.0-1ubuntu3.3",
"2.3.0-1ubuntu3.4",
"2.3.0-1ubuntu3.4+esm1",
"2.3.0-1ubuntu3.4+esm2",
"2.3.0-1ubuntu3.4+esm3",
"2.3.0-1ubuntu3.4+esm4",
"2.3.0-1ubuntu3.4+esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-imaging",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
},
{
"binary_name": "python-pil",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
},
{
"binary_name": "python-pil.imagetk",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
},
{
"binary_name": "python3-pil",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@3.1.2-0ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.9.0-1",
"3.0.0-1",
"3.0.0-1build1",
"3.1.0-1",
"3.1.1-1",
"3.1.2-0ubuntu1",
"3.1.2-0ubuntu1.1",
"3.1.2-0ubuntu1.3",
"3.1.2-0ubuntu1.4",
"3.1.2-0ubuntu1.5",
"3.1.2-0ubuntu1.6",
"3.1.2-0ubuntu1.6+esm1",
"3.1.2-0ubuntu1.6+esm2",
"3.1.2-0ubuntu1.6+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-pil",
"binary_version": "5.1.0-1ubuntu0.8+esm2"
},
{
"binary_name": "python-pil.imagetk",
"binary_version": "5.1.0-1ubuntu0.8+esm2"
},
{
"binary_name": "python3-pil",
"binary_version": "5.1.0-1ubuntu0.8+esm2"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "5.1.0-1ubuntu0.8+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@5.1.0-1ubuntu0.8+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.1.1-3build2",
"4.3.0-2ubuntu1",
"5.0.0-1",
"5.1.0-1",
"5.1.0-1ubuntu0.2",
"5.1.0-1ubuntu0.3",
"5.1.0-1ubuntu0.4",
"5.1.0-1ubuntu0.5",
"5.1.0-1ubuntu0.6",
"5.1.0-1ubuntu0.7",
"5.1.0-1ubuntu0.8",
"5.1.0-1ubuntu0.8+esm1",
"5.1.0-1ubuntu0.8+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "7.0.0-4ubuntu0.9"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "7.0.0-4ubuntu0.9"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@7.0.0-4ubuntu0.9?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.1.0-1",
"6.1.0-1build1",
"6.2.1-2",
"7.0.0-4",
"7.0.0-4build1",
"7.0.0-4ubuntu0.1",
"7.0.0-4ubuntu0.2",
"7.0.0-4ubuntu0.3",
"7.0.0-4ubuntu0.4",
"7.0.0-4ubuntu0.5",
"7.0.0-4ubuntu0.6",
"7.0.0-4ubuntu0.7",
"7.0.0-4ubuntu0.8",
"7.0.0-4ubuntu0.9"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-pil",
"binary_version": "6.2.1-3ubuntu0.1~esm2"
},
{
"binary_name": "python-pil.imagetk",
"binary_version": "6.2.1-3ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "pillow-python2",
"purl": "pkg:deb/ubuntu/pillow-python2@6.2.1-3ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.2.1-3~build1",
"6.2.1-3",
"6.2.1-3ubuntu0.1~esm1",
"6.2.1-3ubuntu0.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "9.0.1-1ubuntu0.4"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "9.0.1-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@9.0.1-1ubuntu0.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.1.2+dfsg-0.3",
"9.0.0-1",
"9.0.1-1",
"9.0.1-1build1",
"9.0.1-1ubuntu0.1",
"9.0.1-1ubuntu0.2",
"9.0.1-1ubuntu0.3",
"9.0.1-1ubuntu0.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "10.2.0-1ubuntu1.2"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "10.2.0-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@10.2.0-1ubuntu1.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.0.0-1",
"10.1.0-1",
"10.2.0-1",
"10.2.0-1build1",
"10.2.0-1ubuntu1",
"10.2.0-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "11.3.0-1ubuntu1.3"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "11.3.0-1ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@11.3.0-1ubuntu1.3?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"11.1.0-5build1",
"11.3.0-1ubuntu1",
"11.3.0-1ubuntu1.1",
"11.3.0-1ubuntu1.2",
"11.3.0-1ubuntu1.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "12.1.1-2ubuntu1.2"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "12.1.1-2ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@12.1.1-2ubuntu1.2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"11.3.0-1ubuntu1",
"11.3.0-1ubuntu2",
"12.0.0-1ubuntu1",
"12.1.1-1ubuntu1",
"12.1.1-2ubuntu1",
"12.1.1-2ubuntu1.1",
"12.1.1-2ubuntu1.2"
]
}
],
"aliases": [],
"details": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.",
"id": "UBUNTU-CVE-2026-54059",
"modified": "2026-07-06T19:17:00Z",
"published": "2026-07-06T19:17:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-54059"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54059"
},
{
"type": "REPORT",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
},
{
"type": "REPORT",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"type": "REPORT",
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-54059"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.