SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1673

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1673

Security update for python-Pillow

Type: security

Severity: critical

Issued: 2024-06-13

Description:

This update for python-Pillow fixes the following issues:

- Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816)
- Use snprintf instead of sprintf (bsc#1188574, CVE-2021-34552)
- Fix Memory DOS in Icns, Ico and Blp Image Plugins. (bsc#1183110, CVE-2021-27921, bsc#1183108, CVE-2021-27922, bsc#1183107, CVE-2021-27923)
- Fix OOB read in SgiRleDecode.c (bsc#1183102, CVE-2021-25293)
- Use more specific regex chars to prevent ReDoS (bsc#1183101, CVE-2021-25292)
- Fix negative size read in TiffDecode.c (bsc#1183105, CVE-2021-25290)
- Raise ValueError if color specifier is too long (bsc#1190229, CVE-2021-23437)
- Incorrect error code checking in TiffDecode.c (bsc#1183103, CVE-2021-25289)
- OOB Write in TiffDecode.c (bsc#1180833, CVE-2020-35654)

References

Packages

python-Pillow-7.2.0-150300.3.15.1