Explore top 10 tips to secure your open-source projects now. Read More
×Python image processing library, fork of the Python Imaging Library (PIL)
This library provides extensive file format support, an efficient
internal representation, and powerful image processing capabilities.
There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt),
devel (development) and doc (documentation).
Update Information:
Fix CVE-2026-55380, CVE-2026-54060, CVE-2026-54059, CVE-2026-55379, CVE-2026-55798
* Thu Jul 2 2026 Sandro Mani
[ 1 ] Bug #2497649 - CVE-2026-55379 python-pillow: Pillow: Denial of Service via crafted BDF font file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2497649
[ 2 ] Bug #2497660 - CVE-2026-55380 python-pillow: Pillow: Denial of Service via crafted GD 2.x image file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2497660
[ 3 ] Bug #2497665 - CVE-2026-54060 python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2497665
[ 4 ] Bug #2497682 - CVE-2026-54059 python-pillow: Pillow: Denial of Service via crafted PCF font data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2497682
[ 5 ] Bug #2497699 - CVE-2026-55798 python-pillow: Pillow: Arbitrary command injection via shell metacharacters in file paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2497699
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-46c4892063' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.