PYSEC-2023-175 – pillow

Package

Manager: pip
Name: pillow
Vulnerable Version: =1.0 || =1.1 || =1.2 || =1.3 || =1.4 || =1.5 || =1.6 || =1.7.0 || =1.7.1 || =1.7.2 || =1.7.3 || =1.7.4 || =1.7.5 || =1.7.6 || =1.7.7 || =1.7.8 || =10.0.0 || =2.0.0 || =2.1.0 || =2.2.0 || =2.2.1 || =2.2.2 || =2.3.0 || =2.3.1 || =2.3.2 || =2.4.0 || =2.5.0 || =2.5.1 || =2.5.2 || =2.5.3 || =2.6.0 || =2.6.1 || =2.6.2 || =2.7.0 || =2.8.0 || =2.8.1 || =2.8.2 || =2.9.0 || =3.0.0 || =3.1.0 || =3.1.0.rc1 || =3.1.0rc1 || =3.1.1 || =3.1.2 || =3.2.0 || =3.3.0 || =3.3.1 || =3.3.2 || =3.3.3 || =3.4.0 || =3.4.1 || =3.4.2 || =4.0.0 || =4.1.0 || =4.1.1 || =4.2.0 || =4.2.1 || =4.3.0 || =5.0.0 || =5.1.0 || =5.2.0 || =5.3.0 || =5.4.0 || =5.4.0.dev0 || =5.4.1 || =6.0.0 || =6.1.0 || =6.2.0 || =6.2.1 || =6.2.2 || =7.0.0 || =7.1.0 || =7.1.1 || =7.1.2 || =7.2.0 || =8.0.0 || =8.0.1 || =8.1.0 || =8.1.1 || =8.1.2 || =8.2.0 || =8.3.0 || =8.3.1 || =8.3.2 || =8.4.0 || =9.0.0 || =9.0.1 || =9.1.0 || =9.1.1 || =9.2.0 || =9.3.0 || =9.4.0 || =9.5.0 || >=0 <10.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: N/A pctlN/A

Details

Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

Metadata

Created: 2023-09-20T05:46:53.608652Z
Modified: 2023-09-25T17:25:13.946374Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F448
Auto approve: 1