Fluid Attacks Database

Description

Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	pillow	=1.0 \|\| =1.1 \|\| =1.2 \|\| =1.3 \|\| =1.4 \|\| =1.5 \|\| =1.6 \|\| =1.7.0 \|\| =1.7.1 \|\| =1.7.2 \|\| =1.7.3 \|\| =1.7.4 \|\| =1.7.5 \|\| =1.7.6 \|\| =1.7.7 \|\| =1.7.8 \|\| =10.0.0 \|\| =2.0.0 \|\| =2.1.0 \|\| =2.2.0 \|\| =2.2.1 \|\| =2.2.2 \|\| =2.3.0 \|\| =2.3.1 \|\| =2.3.2 \|\| =2.4.0 \|\| =2.5.0 \|\| =2.5.1 \|\| =2.5.2 \|\| =2.5.3 \|\| =2.6.0 \|\| =2.6.1 \|\| =2.6.2 \|\| =2.7.0 \|\| =2.8.0 \|\| =2.8.1 \|\| =2.8.2 \|\| =2.9.0 \|\| =3.0.0 \|\| =3.1.0 \|\| =3.1.0.rc1 \|\| =3.1.0rc1 \|\| =3.1.1 \|\| =3.1.2 \|\| =3.2.0 \|\| =3.3.0 \|\| =3.3.1 \|\| =3.3.2 \|\| =3.3.3 \|\| =3.4.0 \|\| =3.4.1 \|\| =3.4.2 \|\| =4.0.0 \|\| =4.1.0 \|\| =4.1.1 \|\| =4.2.0 \|\| =4.2.1 \|\| =4.3.0 \|\| =5.0.0 \|\| =5.1.0 \|\| =5.2.0 \|\| =5.3.0 \|\| =5.4.0 \|\| =5.4.0.dev0 \|\| =5.4.1 \|\| =6.0.0 \|\| =6.1.0 \|\| =6.2.0 \|\| =6.2.1 \|\| =6.2.2 \|\| =7.0.0 \|\| =7.1.0 \|\| =7.1.1 \|\| =7.1.2 \|\| =7.2.0 \|\| =8.0.0 \|\| =8.0.1 \|\| =8.1.0 \|\| =8.1.1 \|\| =8.1.2 \|\| =8.2.0 \|\| =8.3.0 \|\| =8.3.1 \|\| =8.3.2 \|\| =8.4.0 \|\| =9.0.0 \|\| =9.0.1 \|\| =9.1.0 \|\| =9.1.1 \|\| =9.2.0 \|\| =9.3.0 \|\| =9.4.0 \|\| =9.5.0 \|\| >=0 <10.0.1	10.0.1

Aliases

1. NVD-2023-51292. NVD-2023-48633. OSV-PYSEC-2023-1754. GCVE-PYSEC-2023-1755. https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.