Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Debian DSA-5704-1 Critical: Pillow Software Denial of Service Risk

debian
Calendar Grey June 5, 2024
Debian Logo
Pillow, the popular Python Imaging Library, has critical security vulnerabilities impacting systems using Debian. This advisory highlights key issues and fixes.
Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed images are pro...
Topics%20covered

Topics Covered

security advisory denial of service critical code execution debian python library pillow

Summary

Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service or the execution of
arbitrary code if malformed images are processed.

For the oldstable distribution (bullseye), these problems have been fixed
in version 8.1.2+dfsg-0.3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in
version 9.4.0-1.1+deb12u1.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/pillow

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: pillow
CVE ID: CVE-2023-44271 CVE-2023-50447 CVE-2024-28219

Topics%20covered

Topics Covered

security advisory denial of service critical code execution debian python library pillow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here