SUSE Package Hub - openSUSE-2024-125

Update Info

openSUSE-2024-125

Security update for python-Pillow

Type: security

Severity: important

Issued: 2024-05-13

Description:

This update for python-Pillow fixes the following issues:

- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter (boo#1219048)

References

CVE: CVE-2023-50447
Bugzilla: 1219048 VUL-0: CVE-2023-50447: python-Pillow: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter

Packages

python-Pillow-8.4.0-bp155.3.3.1