2485 matches found
[SECURITY] Fedora 44 Update: python-pillow-12.3.0-1.fc44
Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...
BIT-PILLOW-2026-55798 Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...
BIT-PILLOW-2026-55380 Pillow GdImageFile decompression bomb protection bypass
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...
BIT-PILLOW-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...
BIT-PILLOW-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...
BIT-PILLOW-2026-54059 Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` — bomb protection bypass via PCF font loading
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...
ROOT-APP-PYPI-CVE-2026-25990 CVE-2026-25990 in rootio-pillow - Patched by Root
Root has patched CVE-2026-25990 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-42311 CVE-2026-42311 in rootio-pillow - Patched by Root
Root has patched CVE-2026-42311 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-42308 CVE-2026-42308 in rootio-pillow - Patched by Root
Root has patched CVE-2026-42308 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-40192 CVE-2026-40192 in rootio-pillow - Patched by Root
Root has patched CVE-2026-40192 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-42310 CVE-2026-42310 in rootio-pillow - Patched by Root
Root has patched CVE-2026-42310 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-50447 CVE-2023-50447 in rootio-pillow - Patched by Root
Root has patched CVE-2023-50447 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-4863 CVE-2023-4863 in rootio-pillow - Patched by Root
Root has patched CVE-2023-4863 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-44271 CVE-2023-44271 in rootio-pillow - Patched by Root
Root has patched CVE-2023-44271 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-28219 CVE-2024-28219 in rootio-pillow - Patched by Root
Root has patched CVE-2024-28219 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
[SECURITY] Fedora 43 Update: python-pillow-jxl-plugin-1.3.7-2.fc43
Pillow plugin for JPEG-XL, using Rust for bindings...
[SECURITY] Fedora 44 Update: python-pillow-jxl-plugin-1.3.7-2.fc44
Pillow plugin for JPEG-XL, using Rust for bindings...
SUSE CVE-2026-42311
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...
SUSE CVE-2026-54059
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...
SUSE CVE-2026-54060
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...