SUSE Package Hub - openSUSE-2024-132

Update Info

openSUSE-2024-132

Security update for python-Pillow

Type: security

Severity: moderate

Issued: 2024-05-19

Description:

This update for python-Pillow fixes the following issues:

- Fixed ImagePath.Path array handling (boo#1194551, boo#1194552, CVE-2022-22815, CVE-2022-22816)

References

CVE: CVE-2022-22816
CVE: CVE-2022-22815
Bugzilla: 1194552 VUL-1: CVE-2022-22815: python-Pillow: path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
Bugzilla: 1194551 VUL-1: CVE-2022-22816: python-Pillow: path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

Packages

python-Pillow-8.4.0-bp155.3.6.1