VYPR

rpm package

opensuse/python-Pillow&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Leap%2016.0

Vulnerabilities (2)

  • CVE-2026-40192HigApr 15, 2026
    affected < 11.3.0-160000.4.1fixed 11.3.0-160000.4.1

    Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leadi

  • CVE-2026-25990HigFeb 11, 2026
    affected < 11.3.0-160000.3.1fixed 11.3.0-160000.3.1

    Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.