Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Fedora 44 python-pillow Denial of Service Vuln 2026-46c4892063

fedora
Calendar Grey July 10, 2026
Dist Fedora Esm H88
This update addresses critical issues in Python Pillow library, preventing denial of service and command injection risks.
Fix CVE-2026-55380, CVE-2026-54060, CVE-2026-54059, CVE-2026-55379, CVE-2026-55798

Summary

Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient

internal representation, and powerful image processing capabilities.

There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt),

devel (development) and doc (documentation).

Update Information:

Fix CVE-2026-55380, CVE-2026-54060, CVE-2026-54059, CVE-2026-55379, CVE-2026-55798

Change Log

* Thu Jul 2 2026 Sandro Mani - 12.3.0-1 - Update to 12.3.0 * Wed Jun 3 2026 Python Maint - 12.2.0-2 - Rebuilt for Python 3.15

References


[ 1 ] Bug #2497649 - CVE-2026-55379 python-pillow: Pillow: Denial of Service via crafted BDF font file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497649 [ 2 ] Bug #2497660 - CVE-2026-55380 python-pillow: Pillow: Denial of Service via crafted GD 2.x image file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497660 [ 3 ] Bug #2497665 - CVE-2026-54060 python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497665 [ 4 ] Bug #2497682 - CVE-2026-54059 python-pillow: Pillow: Denial of Service via crafted PCF font data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497682 [ 5 ] Bug #2497699 - CVE-2026-55798 python-pillow: Pillow: Arbitrary command injection via shell metacharacters in file paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497699

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-46c4892063' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-pillow
Product: Fedora 44
Version: 12.3.0
Release: 1.fc44
Summary: Python image processing library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.