Explore top 10 tips to secure your open-source projects now. Read More
×
This update for python-Pillow fixes the following issues
* CVE-2026-54058: out-of-bounds read via attacker-controlled row stride on
`mmap` path (bsc#1271419).
* CVE-2026-59197: heap out-of-bounds write in `ImageFilter.RankFilter` via
integer overflow in `ImagingExpand` (bsc#1271418).
* CVE-2026-59198: out-of-bounds heap data copied into file generated by TGA
RLE encoder (bsc#1271420).
* CVE-2026-59199: heap out-of-bounds write in `Image.paste()` and
`Image.crop()` via signed coordinate overflow (bsc#1271421).
* CVE-2026-59200: decompression bomb DoS via `PdfParser.PdfStream.decode()`
(bsc#1271422).
* CVE-2026-59204: denial of service through memory exhaustion via JPEG2000
tiled decoder (bsc#1271424).
* CVE-2026-59205: controlled heap out-of-bounds write in
`ImageCmsTransform.apply()` via output mode mismatch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-3084=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-3084=1
* openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)
* python3-Pillow-debuginfo-7.2.0-150300.3.30.1
* python-Pillow-debuginfo-7.2.0-150300.3.30.1
* python3-Pillow-tk-debuginfo-7.2.0-150300.3.30.1
* python-Pillow-debugsource-7.2.0-150300.3.30.1
* python3-Pillow-7.2.0-150300.3.30.1
* python3-Pillow-tk-7.2.0-150300.3.30.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* python3-Pillow-debuginfo-7.2.0-150300.3.30.1
* python-Pillow-debugsource-7.2.0-150300.3.30.1
* python-Pillow-debuginfo-7.2.0-150300.3.30.1
* python3-Pillow-7.2.0-150300.3.30.1
* bsc#1271418
* bsc#1271419
* bsc#1271420
* bsc#1271421
* bsc#1271422
* bsc#1271424
* bsc#1271425
## References:
* https://www.suse.com/security/cve/CVE-2026-54058.html
* https://www.suse.com/security/cve/CVE-2026-59197.html
* https://www.suse.com/security/cve/CVE-2026-59198.html
* https://www.suse.com/security/cve/CVE-2026-59199.html
* https://www.suse.com/security/cve/CVE-2026-59200.html
* https://www.suse.com/security/cve/CVE-2026-59204.html
* https://www.suse.com/security/cve/CVE-2026-59205.html
* https://bugzilla.suse.com/show_bug.cgi?id=1271418
* https://bugzilla.suse.com/show_bug.cgi?id=1271419
* https://bugzilla.suse.com/show_bug.cgi?id=1271420
* https://bugzilla.suse.com/show_bug.cgi?id=1271421
* https://bugzilla.suse.com/show_bug.cgi?id=1271422
* https://bugzilla.suse.com/show_bug.cgi?id=1271424
* https://bugzilla.suse.com/show_bug.cgi?id=1271425
Get the latest Linux and open source security news straight to your inbox.