This update for python-Pillow fixes the following issues:
- CVE-2026-42308: integer overflow in font processing can lead to denial of service (bsc#1265359).
- CVE-2026-42309: heap buffer overflow when processing nested list coordinates (bsc#1265153).
- CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs (bsc#1265154).
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods,
such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0:
zypper in -t patch openSUSE-Leap-16.0-820=1
- openSUSE Leap 16.0:
python313-Pillow-11.3.0-160000.5.1
python313-Pillow-tk-11.3.0-160000.5.1
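To confirm that a host carries the fixed build listed above, this added example (not part of the SUSE advisory) compares installed version-release strings against 11.3.0-160000.5.1. The function names, the constructed sample input and the use of GNU `sort -V` in place of rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example: audits package version-release strings against the fixed
# build named in this advisory.
FIXED="11.3.0-160000.5.1"

# evr_at_least INSTALLED FIXED -> exit 0 if INSTALLED >= FIXED.
# Assumption: GNU `sort -V` ordering stands in for rpm's comparison; the two
# agree for plain numeric version-release strings like the ones used here.
evr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# audit_pillow: reads "name version-release" lines on stdin, prints one
# verdict per line, and returns 1 if any package is older than FIXED.
audit_pillow() {
    rc=0
    while read -r name evr; do
        [ -n "$name" ] || continue
        # rpm prints "package X is not installed" for absent packages.
        case "$evr" in *' '*) echo "ABSENT $name $evr"; continue ;; esac
        if evr_at_least "$evr" "$FIXED"; then
            echo "OK $name $evr"
        else
            echo "OUTDATED $name $evr (needs >= $FIXED)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: one package updated, one still on an older
# (made-up) release number.
SAMPLE='python313-Pillow 11.3.0-160000.5.1
python313-Pillow-tk 11.3.0-160000.4.1'

sample_report() { printf '%s\n' "$SAMPLE" | audit_pillow; }

# On a Leap 16.0 host, feed it the rpm database instead:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
#       python313-Pillow python313-Pillow-tk | audit_pillow
```

A non-zero exit status from `audit_pillow` means at least one listed package is older than the fixed build, which makes the function usable as a gate in a compliance or fleet-audit script.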
References:
* bsc#1265153
* bsc#1265154
* bsc#1265359
* https://www.suse.com/security/cve/CVE-2026-42308.html
* https://www.suse.com/security/cve/CVE-2026-42309.html
* https://www.suse.com/security/cve/CVE-2026-42310.html