rpm package
opensuse/python-Pillow&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Leap%2016.0
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40192 | Hig | 7.5 | < 11.3.0-160000.4.1 | 11.3.0-160000.4.1 | Apr 15, 2026 | Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leadi | |
| CVE-2026-25990 | Hig | 7.5 | < 11.3.0-160000.3.1 | 11.3.0-160000.3.1 | Feb 11, 2026 | Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. |
- affected < 11.3.0-160000.4.1fixed 11.3.0-160000.4.1
Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leadi
- affected < 11.3.0-160000.3.1fixed 11.3.0-160000.3.1
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.