Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-55380 (GCVE-0-2026-55380)
Vulnerability from cvelistv5 – Published: 2026-07-06 18:50 – Updated: 2026-07-06 19:23- CWE-789 - Memory Allocation with Excessive Size Value
| URL | Tags |
|---|---|
| https://github.com/python-pillow/Pillow/security/… | x_refsource_CONFIRM |
| https://github.com/python-pillow/Pillow/commit/f3… | x_refsource_MISC |
| https://github.com/python-pillow/Pillow/blob/main… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| python-pillow | Pillow |
Affected:
< 12.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55380",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:23:03.405538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T19:23:30.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pillow",
"vendor": "python-pillow",
"versions": [
{
"status": "affected",
"version": "\u003c 12.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T18:51:08.092Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
},
{
"name": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675"
},
{
"name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
}
],
"source": {
"advisory": "GHSA-phj9-mv4w-65pm",
"discovery": "UNKNOWN"
},
"title": "Pillow GdImageFile decompression bomb protection bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55380",
"datePublished": "2026-07-06T18:50:14.789Z",
"dateReserved": "2026-06-16T18:57:40.182Z",
"dateUpdated": "2026-07-06T19:23:30.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-55380",
"date": "2026-07-14",
"epss": "0.00361",
"percentile": "0.28232"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-55380\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-07-06T19:17:08.703\",\"lastModified\":\"2026-07-07T18:58:54.647\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"python-pillow\",\"product\":\"Pillow\",\"versions\":[{\"version\":\"\u003c 12.3.0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-06T19:23:03.405538Z\",\"id\":\"CVE-2026-55380\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-789\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.3.0\",\"matchCriteriaId\":\"6372231F-529B-45CD-978E-3F2AEFF5F95C\"}]}]}],\"references\":[{\"url\":\"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-14T18:26:14+00:00",
"cve": "CVE-2026-55380",
"id": "CVE-2026-55380",
"initial_release_date": "2026-07-06T18:50:14.789000+00:00",
"product_status:fixed": "52",
"product_status:known_affected": "82",
"product_status:known_not_affected": "5",
"product_status:under_investigation": "4",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "python-pillow: Pillow: Denial of Service via crafted GD 2.x image file",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-55380.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-55380\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-06T19:23:03.405538Z\"}}}], \"references\": [{\"url\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-06T19:23:25.915Z\"}}], \"cna\": {\"title\": \"Pillow GdImageFile decompression bomb protection bypass\", \"source\": {\"advisory\": \"GHSA-phj9-mv4w-65pm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"python-pillow\", \"product\": \"Pillow\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 12.3.0\"}]}], \"references\": [{\"url\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm\", \"name\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675\", \"name\": \"https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst\", \"name\": \"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-789\", \"description\": \"CWE-789: Memory Allocation with Excessive Size Value\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-07-06T18:51:08.092Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-55380\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-06T19:23:30.046Z\", \"dateReserved\": \"2026-06-16T18:57:40.182Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-07-06T18:50:14.789Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2026:39127
Vulnerability from osv_almalinux
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python-pillow: Pillow: Denial of Service via crafted BDF font file (CVE-2026-55379)
- python-pillow: Pillow: Denial of Service via crafted GD 2.x image file (CVE-2026-55380)
- python-pillow: Pillow: Denial of Service via crafted PCF font data (CVE-2026-54059)
- python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files (CVE-2026-54060)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-pillow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.1-22.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-pillow-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.1-22.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-pillow-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.1-22.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-pillow-tk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.1-22.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es): \n\n * python-pillow: Pillow: Denial of Service via crafted BDF font file (CVE-2026-55379)\n * python-pillow: Pillow: Denial of Service via crafted GD 2.x image file (CVE-2026-55380)\n * python-pillow: Pillow: Denial of Service via crafted PCF font data (CVE-2026-54059)\n * python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files (CVE-2026-54060)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:39127",
"modified": "2026-07-14T10:11:15Z",
"published": "2026-07-14T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-54059"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-54060"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-55379"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-55380"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2497452"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2497455"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2497464"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2497466"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-39127.html"
}
],
"related": [
"CVE-2026-55379",
"CVE-2026-55380",
"CVE-2026-54059",
"CVE-2026-54060"
],
"summary": "Important: python-pillow security update"
}
bit-pillow-2026-55380
Vulnerability from bitnami_vulndb
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "pillow",
"purl": "pkg:bitnami/pillow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3.0"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2026-55380"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.",
"id": "BIT-pillow-2026-55380",
"modified": "2026-07-08T11:55:33.732Z",
"published": "2026-07-08T11:34:12.441Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55380"
}
],
"schema_version": "1.6.2",
"summary": "Pillow GdImageFile decompression bomb protection bypass"
}
FKIE_CVE-2026-55380
Vulnerability from fkie_nvd - Published: 2026-07-06 19:17 - Updated: 2026-07-07 18:58| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst | Release Notes | |
| security-advisories@github.com | https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675 | Patch | |
| security-advisories@github.com | https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm | Exploit, Vendor Advisory |
{
"affected": [
{
"affectedData": [
{
"product": "Pillow",
"vendor": "python-pillow",
"versions": [
{
"status": "affected",
"version": "\u003c 12.3.0"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6372231F-529B-45CD-978E-3F2AEFF5F95C",
"versionEndExcluding": "12.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0."
}
],
"id": "CVE-2026-55380",
"lastModified": "2026-07-07T18:58:54.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-55380",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:23:03.405538Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-07-06T19:17:08.703",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
PYSEC-2026-2256
Vulnerability from pysec - Published: 2026-07-06 19:17 - Updated: 2026-07-13 05:50Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.
| Name | purl | pillow | pkg:pypi/pillow |
|---|
{
"affected": [
{
"ecosystem_specific": {},
"package": {
"ecosystem": "PyPI",
"name": "pillow",
"purl": "pkg:pypi/pillow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6",
"1.7.0",
"1.7.1",
"1.7.2",
"1.7.3",
"1.7.4",
"1.7.5",
"1.7.6",
"1.7.7",
"1.7.8",
"10.0.0",
"10.0.1",
"10.1.0",
"10.2.0",
"10.3.0",
"10.4.0",
"11.0.0",
"11.1.0",
"11.2.1",
"11.3.0",
"12.0.0",
"12.1.0",
"12.1.1",
"12.2.0",
"2.0.0",
"2.1.0",
"2.2.0",
"2.2.1",
"2.2.2",
"2.3.0",
"2.3.1",
"2.3.2",
"2.4.0",
"2.5.0",
"2.5.1",
"2.5.2",
"2.5.3",
"2.6.0",
"2.6.1",
"2.6.2",
"2.7.0",
"2.8.0",
"2.8.1",
"2.8.2",
"2.9.0",
"3.0.0",
"3.1.0",
"3.1.0.rc1",
"3.1.0rc1",
"3.1.1",
"3.1.2",
"3.2.0",
"3.3.0",
"3.3.1",
"3.3.2",
"3.3.3",
"3.4.0",
"3.4.1",
"3.4.2",
"4.0.0",
"4.1.0",
"4.1.1",
"4.2.0",
"4.2.1",
"4.3.0",
"5.0.0",
"5.1.0",
"5.2.0",
"5.3.0",
"5.4.0",
"5.4.0.dev0",
"5.4.1",
"6.0.0",
"6.1.0",
"6.2.0",
"6.2.1",
"6.2.2",
"7.0.0",
"7.1.0",
"7.1.1",
"7.1.2",
"7.2.0",
"8.0.0",
"8.0.1",
"8.1.0",
"8.1.1",
"8.1.2",
"8.2.0",
"8.3.0",
"8.3.1",
"8.3.2",
"8.4.0",
"9.0.0",
"9.0.1",
"9.1.0",
"9.1.1",
"9.2.0",
"9.3.0",
"9.4.0",
"9.5.0"
]
}
],
"aliases": [
"CVE-2026-55380",
"GHSA-phj9-mv4w-65pm"
],
"details": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.",
"id": "PYSEC-2026-2256",
"modified": "2026-07-13T05:50:46.407369Z",
"published": "2026-07-06T19:17:08.703Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"type": "FIX",
"url": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675"
},
{
"type": "EVIDENCE",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
RHSA-2026:39127
Vulnerability from csaf_redhat - Published: 2026-07-14 08:59 - Updated: 2026-07-14 16:17A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing specially crafted PCF font data. This data, when processed, can lead to excessive memory allocation because the library does not properly check for decompression bombs. The primary consequence is a Denial of Service (DoS), which could make the affected system or application unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Pillow, a Python imaging library. When processing a specially crafted font file, the library's font compilation function does not adequately check for excessive memory allocation. This oversight allows a remote attacker to trigger an unreasonable consumption of system memory, leading to a denial of service (DoS) for the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical security check designed to prevent excessive memory usage. This oversight can lead to the system consuming an unreasonable amount of memory, making it unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing a specially crafted GD 2.x image file. The GdImageFile._open() function reads image dimensions without proper validation, leading to excessive memory allocation. This can result in a Denial of Service (DoS) due to C-heap exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:39127 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497452 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497455 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497464 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497466 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-54059 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497464 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-54059 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-54059 | external |
| https://github.com/python-pillow/Pillow/blob/main… | external |
| https://github.com/python-pillow/Pillow/commit/0a… | external |
| https://github.com/python-pillow/Pillow/security/… | external |
| https://access.redhat.com/security/cve/CVE-2026-54060 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497466 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-54060 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-54060 | external |
| https://github.com/python-pillow/Pillow/security/… | external |
| https://access.redhat.com/security/cve/CVE-2026-55379 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497452 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-55379 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-55379 | external |
| https://github.com/python-pillow/Pillow/security/… | external |
| https://access.redhat.com/security/cve/CVE-2026-55380 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2497455 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-55380 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-55380 | external |
| https://github.com/python-pillow/Pillow/commit/f3… | external |
| https://github.com/python-pillow/Pillow/security/… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-pillow is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python-pillow: Pillow: Denial of Service via crafted BDF font file (CVE-2026-55379)\n\n* python-pillow: Pillow: Denial of Service via crafted GD 2.x image file (CVE-2026-55380)\n\n* python-pillow: Pillow: Denial of Service via crafted PCF font data (CVE-2026-54059)\n\n* python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files (CVE-2026-54060)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:39127",
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2497452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497452"
},
{
"category": "external",
"summary": "2497455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497455"
},
{
"category": "external",
"summary": "2497464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497464"
},
{
"category": "external",
"summary": "2497466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497466"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_39127.json"
}
],
"title": "Red Hat Security Advisory: python-pillow security update",
"tracking": {
"current_release_date": "2026-07-14T16:17:36+00:00",
"generator": {
"date": "2026-07-14T16:17:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:39127",
"initial_release_date": "2026-07-14T08:59:16+00:00",
"revision_history": [
{
"date": "2026-07-14T08:59:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-14T08:59:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T16:17:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pillow-0:5.1.1-22.el8_10.src",
"product": {
"name": "python-pillow-0:5.1.1-22.el8_10.src",
"product_id": "python-pillow-0:5.1.1-22.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow@5.1.1-22.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"product": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"product_id": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk@5.1.1-22.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"product": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"product_id": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk@5.1.1-22.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"product": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"product_id": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk@5.1.1-22.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"product": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"product_id": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk@5.1.1-22.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python3-pillow-0:5.1.1-22.el8_10.i686",
"product_id": "python3-pillow-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"product_id": "python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-devel@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"product_id": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debugsource@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product_id": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pillow-debuginfo@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product_id": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-debuginfo@5.1.1-22.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"product": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"product_id": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-tk-debuginfo@5.1.1-22.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"product": {
"name": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"product_id": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pillow-doc@5.1.1-22.el8_10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-0:5.1.1-22.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src"
},
"product_reference": "python-pillow-0:5.1.1-22.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python3-pillow-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch"
},
"product_reference": "python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
},
"product_reference": "python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-54059",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-07-06T20:02:21.640821+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2497464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing specially crafted PCF font data. This data, when processed, can lead to excessive memory allocation because the library does not properly check for decompression bombs. The primary consequence is a Denial of Service (DoS), which could make the affected system or application unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Pillow: Denial of Service via crafted PCF font data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the Python Pillow library. The PcfFontFile._load_bitmaps() method reads glyph dimensions from the PCF METRICS section and passes them directly to Image.frombytes() without calling Image._decompression_bomb_check(). This allows crafted PCF font data to cause excessive memory allocation, leading to a denial of service condition. An attacker could exploit this by providing a specially crafted PCF font file to an application that uses Pillow\u0027s font loading functionality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54059"
},
{
"category": "external",
"summary": "RHBZ#2497464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54059"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
}
],
"release_date": "2026-07-06T18:46:09.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T08:59:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "workaround",
"details": "Do not load PCF fonts from untrusted sources. If PCF font loading is required, validate font file dimensions before passing them to Pillow, or upgrade to Pillow 12.3.0 or later which includes the fix for this vulnerability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: Pillow: Denial of Service via crafted PCF font data"
},
{
"cve": "CVE-2026-54060",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-07-06T20:02:29.509113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2497466"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. When processing a specially crafted font file, the library\u0027s font compilation function does not adequately check for excessive memory allocation. This oversight allows a remote attacker to trigger an unreasonable consumption of system memory, leading to a denial of service (DoS) for the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Pillow prior to version 12.3.0. The FontFile.compile() method in PIL/FontFile.py assembles per-glyph images into a combined bitmap using Image.new() without calling Image._decompression_bomb_check(). This allows a specially crafted font file to trigger excessive memory allocation during conversion or saving, leading to denial of service via resource exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54060"
},
{
"category": "external",
"summary": "RHBZ#2497466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497466"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54060",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54060"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2"
}
],
"release_date": "2026-07-06T18:49:23.788000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T08:59:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "workaround",
"details": "Avoid loading untrusted font files with Pillow. If processing font files from untrusted sources is required, implement application-level resource limits (e.g., cgroups, ulimit) to restrict memory allocation per process. Upgrading to Pillow 12.3.0 or later resolves this issue.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files"
},
{
"cve": "CVE-2026-55379",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-07-06T20:01:29.922515+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2497452"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing a specially crafted BDF font file. The library\u0027s image processing function fails to properly validate dimensions from the font file, bypassing a critical security check designed to prevent excessive memory usage. This oversight can lead to the system consuming an unreasonable amount of memory, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Pillow: Denial of Service via crafted BDF font file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the Pillow Python imaging library. The BDF font file parser passes attacker-controlled dimensions to Image.new() without decompression bomb validation, allowing excessive memory allocation and denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55379"
},
{
"category": "external",
"summary": "RHBZ#2497452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497452"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55379",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55379"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
"url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc"
}
],
"release_date": "2026-07-06T18:52:11.633000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T08:59:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "workaround",
"details": "Do not load BDF font files from untrusted sources. Applications that only process standard image formats (PNG, JPEG, etc.) and do not use BdfFontFile or ImageFont.load() with BDF files are not affected.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: Pillow: Denial of Service via crafted BDF font file"
},
{
"cve": "CVE-2026-55380",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-07-06T20:01:42.245051+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2497455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing a specially crafted GD 2.x image file. The GdImageFile._open() function reads image dimensions without proper validation, leading to excessive memory allocation. This can result in a Denial of Service (DoS) due to C-heap exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Pillow: Denial of Service via crafted GD 2.x image file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A denial-of-service vulnerability was found in Pillow\u0027s GdImageFile plugin. The GdImageFile._open() function reads image dimensions from GD 2.x file headers and stores them without performing a decompression bomb check. A crafted .gd file of approximately 1 KB can trigger an unchecked 4.3 GB C-heap allocation, potentially crashing the process or exhausting memory on systems with insufficient resources. This issue is fixed in Pillow 12.3.0.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55380"
},
{
"category": "external",
"summary": "RHBZ#2497455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55380",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55380"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55380",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55380"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675",
"url": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
}
],
"release_date": "2026-07-06T18:50:14.789000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T08:59:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39127"
},
{
"category": "workaround",
"details": "Avoid processing untrusted GD 2.x image files with PIL.GdImageFile.open(). Use Image.open() instead, which includes decompression bomb protections for supported formats. If GdImageFile must be used, validate the image dimensions before calling load(). Restricting accepted image formats at the application boundary to only those explicitly needed can reduce exposure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-0:5.1.1-22.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python-pillow-debugsource-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-debuginfo-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-devel-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-doc-0:5.1.1-22.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-0:5.1.1-22.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:python3-pillow-tk-debuginfo-0:5.1.1-22.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: Pillow: Denial of Service via crafted GD 2.x image file"
}
]
}
SUSE-SU-2026:2875-1
Vulnerability from csaf_suse - Published: 2026-07-13 09:12 - Updated: 2026-07-13 09:12| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-updates/2026… | self |
| https://bugzilla.suse.com/1270409 | self |
| https://bugzilla.suse.com/1270410 | self |
| https://bugzilla.suse.com/1270411 | self |
| https://bugzilla.suse.com/1270412 | self |
| https://www.suse.com/security/cve/CVE-2026-54059/ | self |
| https://www.suse.com/security/cve/CVE-2026-54060/ | self |
| https://www.suse.com/security/cve/CVE-2026-55379/ | self |
| https://www.suse.com/security/cve/CVE-2026-55380/ | self |
| https://www.suse.com/security/cve/CVE-2026-54059 | external |
| https://bugzilla.suse.com/1270409 | external |
| https://www.suse.com/security/cve/CVE-2026-54060 | external |
| https://bugzilla.suse.com/1270410 | external |
| https://www.suse.com/security/cve/CVE-2026-55379 | external |
| https://bugzilla.suse.com/1270411 | external |
| https://www.suse.com/security/cve/CVE-2026-55380 | external |
| https://bugzilla.suse.com/1270412 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Pillow",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Pillow fixes the following issues\n\n- CVE-2026-54059: crafted PCF font data can cause excessive memory allocation (bsc#1270409).\n- CVE-2026-54060: a font can trigger excessive allocation during conversion or saving (bsc#1270410).\n- CVE-2026-55379: bypass of decompression bomb protection, allowing excessive memory allocation (bsc#1270411).\n- CVE-2026-55380: crafted .gd file can trigger excessive C-heap allocation when loaded (bsc#1270412).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2875,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2875",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2875-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2875-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262875-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2875-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/048158.html"
},
{
"category": "self",
"summary": "SUSE Bug 1270409",
"url": "https://bugzilla.suse.com/1270409"
},
{
"category": "self",
"summary": "SUSE Bug 1270410",
"url": "https://bugzilla.suse.com/1270410"
},
{
"category": "self",
"summary": "SUSE Bug 1270411",
"url": "https://bugzilla.suse.com/1270411"
},
{
"category": "self",
"summary": "SUSE Bug 1270412",
"url": "https://bugzilla.suse.com/1270412"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54059 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54060 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-55379 page",
"url": "https://www.suse.com/security/cve/CVE-2026-55379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-55380 page",
"url": "https://www.suse.com/security/cve/CVE-2026-55380/"
}
],
"title": "Security update for python-Pillow",
"tracking": {
"current_release_date": "2026-07-13T09:12:43Z",
"generator": {
"date": "2026-07-13T09:12:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2875-1",
"initial_release_date": "2026-07-13T09:12:43Z",
"revision_history": [
{
"date": "2026-07-13T09:12:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.aarch64",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.aarch64",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.i586",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.i586",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.i586"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.i586",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.i586",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.ppc64le",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.ppc64le",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.s390x",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.s390x",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.s390x",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.s390x",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-Pillow-7.2.0-150300.3.27.1.x86_64",
"product": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.x86_64",
"product_id": "python3-Pillow-7.2.0-150300.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.x86_64",
"product": {
"name": "python3-Pillow-tk-7.2.0-150300.3.27.1.x86_64",
"product_id": "python3-Pillow-tk-7.2.0-150300.3.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64"
},
"product_reference": "python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le"
},
"product_reference": "python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x"
},
"product_reference": "python3-Pillow-7.2.0-150300.3.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Pillow-7.2.0-150300.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
},
"product_reference": "python3-Pillow-7.2.0-150300.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-54059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54059"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54059",
"url": "https://www.suse.com/security/cve/CVE-2026-54059"
},
{
"category": "external",
"summary": "SUSE Bug 1270409 for CVE-2026-54059",
"url": "https://bugzilla.suse.com/1270409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T09:12:43Z",
"details": "important"
}
],
"title": "CVE-2026-54059"
},
{
"cve": "CVE-2026-54060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54060"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new(\"1\", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54060",
"url": "https://www.suse.com/security/cve/CVE-2026-54060"
},
{
"category": "external",
"summary": "SUSE Bug 1270410 for CVE-2026-54060",
"url": "https://bugzilla.suse.com/1270410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T09:12:43Z",
"details": "important"
}
],
"title": "CVE-2026-54060"
},
{
"cve": "CVE-2026-55379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-55379"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow\u0027s documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-55379",
"url": "https://www.suse.com/security/cve/CVE-2026-55379"
},
{
"category": "external",
"summary": "SUSE Bug 1270411 for CVE-2026-55379",
"url": "https://bugzilla.suse.com/1270411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T09:12:43Z",
"details": "important"
}
],
"title": "CVE-2026-55379"
},
{
"cve": "CVE-2026-55380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-55380"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-55380",
"url": "https://www.suse.com/security/cve/CVE-2026-55380"
},
{
"category": "external",
"summary": "SUSE Bug 1270412 for CVE-2026-55380",
"url": "https://bugzilla.suse.com/1270412"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python3-Pillow-7.2.0-150300.3.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T09:12:43Z",
"details": "important"
}
],
"title": "CVE-2026-55380"
}
]
}
ubuntu-cve-2026-55380
Vulnerability from osv_ubuntu
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-imaging",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-imaging-compat",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-imaging-sane",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-imaging-tk",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-pil",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-pil.imagetk",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python-sane",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-imaging",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-imaging-sane",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-imaging-tk",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-pil",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
},
{
"binary_name": "python3-sane",
"binary_version": "2.3.0-1ubuntu3.4+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@2.3.0-1ubuntu3.4+esm5?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.1-1ubuntu2",
"2.2.1-2ubuntu1",
"2.2.1-3ubuntu2",
"2.2.1-3ubuntu3",
"2.2.1-3ubuntu4",
"2.2.1-3ubuntu6",
"2.3.0-1ubuntu1",
"2.3.0-1ubuntu2",
"2.3.0-1ubuntu3",
"2.3.0-1ubuntu3.2",
"2.3.0-1ubuntu3.3",
"2.3.0-1ubuntu3.4",
"2.3.0-1ubuntu3.4+esm1",
"2.3.0-1ubuntu3.4+esm2",
"2.3.0-1ubuntu3.4+esm3",
"2.3.0-1ubuntu3.4+esm4",
"2.3.0-1ubuntu3.4+esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-imaging",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
},
{
"binary_name": "python-pil",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
},
{
"binary_name": "python-pil.imagetk",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
},
{
"binary_name": "python3-pil",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "3.1.2-0ubuntu1.6+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@3.1.2-0ubuntu1.6+esm3?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.9.0-1",
"3.0.0-1",
"3.0.0-1build1",
"3.1.0-1",
"3.1.1-1",
"3.1.2-0ubuntu1",
"3.1.2-0ubuntu1.1",
"3.1.2-0ubuntu1.3",
"3.1.2-0ubuntu1.4",
"3.1.2-0ubuntu1.5",
"3.1.2-0ubuntu1.6",
"3.1.2-0ubuntu1.6+esm1",
"3.1.2-0ubuntu1.6+esm2",
"3.1.2-0ubuntu1.6+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-pil",
"binary_version": "5.1.0-1ubuntu0.8+esm2"
},
{
"binary_name": "python-pil.imagetk",
"binary_version": "5.1.0-1ubuntu0.8+esm2"
},
{
"binary_name": "python3-pil",
"binary_version": "5.1.0-1ubuntu0.8+esm2"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "5.1.0-1ubuntu0.8+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@5.1.0-1ubuntu0.8+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.1.1-3build2",
"4.3.0-2ubuntu1",
"5.0.0-1",
"5.1.0-1",
"5.1.0-1ubuntu0.2",
"5.1.0-1ubuntu0.3",
"5.1.0-1ubuntu0.4",
"5.1.0-1ubuntu0.5",
"5.1.0-1ubuntu0.6",
"5.1.0-1ubuntu0.7",
"5.1.0-1ubuntu0.8",
"5.1.0-1ubuntu0.8+esm1",
"5.1.0-1ubuntu0.8+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "7.0.0-4ubuntu0.9"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "7.0.0-4ubuntu0.9"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@7.0.0-4ubuntu0.9?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.1.0-1",
"6.1.0-1build1",
"6.2.1-2",
"7.0.0-4",
"7.0.0-4build1",
"7.0.0-4ubuntu0.1",
"7.0.0-4ubuntu0.2",
"7.0.0-4ubuntu0.3",
"7.0.0-4ubuntu0.4",
"7.0.0-4ubuntu0.5",
"7.0.0-4ubuntu0.6",
"7.0.0-4ubuntu0.7",
"7.0.0-4ubuntu0.8",
"7.0.0-4ubuntu0.9"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python-pil",
"binary_version": "6.2.1-3ubuntu0.1~esm2"
},
{
"binary_name": "python-pil.imagetk",
"binary_version": "6.2.1-3ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "pillow-python2",
"purl": "pkg:deb/ubuntu/pillow-python2@6.2.1-3ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.2.1-3~build1",
"6.2.1-3",
"6.2.1-3ubuntu0.1~esm1",
"6.2.1-3ubuntu0.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "9.0.1-1ubuntu0.4"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "9.0.1-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@9.0.1-1ubuntu0.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.1.2+dfsg-0.3",
"9.0.0-1",
"9.0.1-1",
"9.0.1-1build1",
"9.0.1-1ubuntu0.1",
"9.0.1-1ubuntu0.2",
"9.0.1-1ubuntu0.3",
"9.0.1-1ubuntu0.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "10.2.0-1ubuntu1.2"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "10.2.0-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@10.2.0-1ubuntu1.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.0.0-1",
"10.1.0-1",
"10.2.0-1",
"10.2.0-1build1",
"10.2.0-1ubuntu1",
"10.2.0-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "11.3.0-1ubuntu1.3"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "11.3.0-1ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@11.3.0-1ubuntu1.3?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"11.1.0-5build1",
"11.3.0-1ubuntu1",
"11.3.0-1ubuntu1.1",
"11.3.0-1ubuntu1.2",
"11.3.0-1ubuntu1.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "python3-pil",
"binary_version": "12.1.1-2ubuntu1.2"
},
{
"binary_name": "python3-pil.imagetk",
"binary_version": "12.1.1-2ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "pillow",
"purl": "pkg:deb/ubuntu/pillow@12.1.1-2ubuntu1.2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"11.3.0-1ubuntu1",
"11.3.0-1ubuntu2",
"12.0.0-1ubuntu1",
"12.1.1-1ubuntu1",
"12.1.1-2ubuntu1",
"12.1.1-2ubuntu1.1",
"12.1.1-2ubuntu1.2"
]
}
],
"aliases": [],
"details": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.",
"id": "UBUNTU-CVE-2026-55380",
"modified": "2026-07-06T19:17:00Z",
"published": "2026-07-06T19:17:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-55380"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55380"
},
{
"type": "REPORT",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
},
{
"type": "REPORT",
"url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
},
{
"type": "REPORT",
"url": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-55380"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.