Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

openSUSE Leap 15.3 python-Pillow Moderate DoS 2026-3084-1

opensuse
Calendar Grey July 17, 2026
Scroller Opensuse Esm H88
Update for openSUSE fixes seven vulnerabilities in python-Pillow, addressing issues from memory exhaustion to out-of-bounds writes.
An update that solves seven vulnerabilities can now be installed.

Description

This update for python-Pillow fixes the following issues

* CVE-2026-54058: out-of-bounds read via attacker-controlled row stride on

`mmap` path (bsc#1271419).

* CVE-2026-59197: heap out-of-bounds write in `ImageFilter.RankFilter` via

integer overflow in `ImagingExpand` (bsc#1271418).

* CVE-2026-59198: out-of-bounds heap data copied into file generated by TGA

RLE encoder (bsc#1271420).

* CVE-2026-59199: heap out-of-bounds write in `Image.paste()` and

`Image.crop()` via signed coordinate overflow (bsc#1271421).

* CVE-2026-59200: decompression bomb DoS via `PdfParser.PdfStream.decode()`

(bsc#1271422).

* CVE-2026-59204: denial of service through memory exhaustion via JPEG2000

tiled decoder (bsc#1271424).

* CVE-2026-59205: controlled heap out-of-bounds write in

`ImageCmsTransform.apply()` via output mode mismatch

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3

zypper in -t patch SUSE-2026-3084=1

* SUSE Package Hub 15 15-SP7

zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-3084=1

Package List

* openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)

* python3-Pillow-debuginfo-7.2.0-150300.3.30.1

* python-Pillow-debuginfo-7.2.0-150300.3.30.1

* python3-Pillow-tk-debuginfo-7.2.0-150300.3.30.1

* python-Pillow-debugsource-7.2.0-150300.3.30.1

* python3-Pillow-7.2.0-150300.3.30.1

* python3-Pillow-tk-7.2.0-150300.3.30.1

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)

* python3-Pillow-debuginfo-7.2.0-150300.3.30.1

* python-Pillow-debugsource-7.2.0-150300.3.30.1

* python-Pillow-debuginfo-7.2.0-150300.3.30.1

* python3-Pillow-7.2.0-150300.3.30.1

References

* bsc#1271418

* bsc#1271419

* bsc#1271420

* bsc#1271421

* bsc#1271422

* bsc#1271424

* bsc#1271425

## References:

* https://www.suse.com/security/cve/CVE-2026-54058.html

* https://www.suse.com/security/cve/CVE-2026-59197.html

* https://www.suse.com/security/cve/CVE-2026-59198.html

* https://www.suse.com/security/cve/CVE-2026-59199.html

* https://www.suse.com/security/cve/CVE-2026-59200.html

* https://www.suse.com/security/cve/CVE-2026-59204.html

* https://www.suse.com/security/cve/CVE-2026-59205.html

* https://bugzilla.suse.com/show_bug.cgi?id=1271418

* https://bugzilla.suse.com/show_bug.cgi?id=1271419

* https://bugzilla.suse.com/show_bug.cgi?id=1271420

* https://bugzilla.suse.com/show_bug.cgi?id=1271421

* https://bugzilla.suse.com/show_bug.cgi?id=1271422

* https://bugzilla.suse.com/show_bug.cgi?id=1271424

* https://bugzilla.suse.com/show_bug.cgi?id=1271425

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:3084-1
Release Date: 2026-07-16T17:46:49Z
Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.