-------------------------------------------------------------------------
Debian LTS Advisory DLA-4462-1                          [email protected]
https://www.debian.org/lts/security/                       Daniel Leidert
February 01, 2026                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : pillow
Version        : 8.1.2+dfsg-0.3+deb11u3
CVE ID         : CVE-2021-23437 CVE-2022-24303 CVE-2022-45198

Multiple vulnerabilities have been found in Pillow, an image processing
library for Python.

CVE-2021-23437

    The getrgb function is susceptible to a ReDoS.

CVE-2022-24303

    A possible path traversal vulnerability allows attackers to delete
    files.

CVE-2022-45198

    An improper handling of highly compressed GIF data can lead to a
    decompression bomb.

For Debian 11 bullseye, these problems have been fixed in version
8.1.2+dfsg-0.3+deb11u3.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
