Explore top 10 tips to secure your open-source projects now. Read More
×
This update for python-Pillow fixes the following issue:
- CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a
FITS image, making them vulnerable to decompression bomb attacks (bsc#1262184).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-629=1
- openSUSE Leap 16.0:
python313-Pillow-11.3.0-160000.4.1
python313-Pillow-tk-11.3.0-160000.4.1
* bsc#1262184
References:
* https://www.suse.com/security/cve/CVE-2026-40192.html
Get the latest Linux and open source security news straight to your inbox.