INFSA-2024:4227: python-pillow security update
Information about definition
Identificator: INFSA-2024:4227
Type: security
Release date: 2024-08-23 19:21:43 UTC
Information about package
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.
Vulnerabilities description
- CVE-2024-28219
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-28219
|
no information | 6.5 | no information |
Updated packages