{"affected":[{"ecosystem_specific":{"binaries":[{"python3-Pillow":"7.2.0-150300.3.15.1","python3-Pillow-tk":"7.2.0-150300.3.15.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"python-Pillow","purl":"pkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.2.0-150300.3.15.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-Pillow fixes the following issues:\n\n- Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816)\n- Use snprintf instead of sprintf (bsc#1188574, CVE-2021-34552)\n- Fix Memory DOS in Icns, Ico and Blp Image Plugins. (bsc#1183110, CVE-2021-27921, bsc#1183108, CVE-2021-27922, bsc#1183107, CVE-2021-27923)\n- Fix OOB read in SgiRleDecode.c (bsc#1183102, CVE-2021-25293)\n- Use more specific regex chars to prevent ReDoS (bsc#1183101, CVE-2021-25292)\n- Fix negative size read in TiffDecode.c (bsc#1183105, CVE-2021-25290)\n- Raise ValueError if color specifier is too long (bsc#1190229, CVE-2021-23437)\n- Incorrect error code checking in TiffDecode.c (bsc#1183103, CVE-2021-25289)\n- OOB Write in TiffDecode.c (bsc#1180833, CVE-2020-35654)\n",
"id":"SUSE-SU-2024:1673-1","modified":"2024-05-17T07:30:17Z","published":"2024-05-17T07:30:17Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241673-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1180833"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183101"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183102"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183103"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183105"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183107"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183108"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183110"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188574"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190229"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194551"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194552"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-35654"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23437"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-25289"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-25290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-25292"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-25293"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-27921"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-27922"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-27923"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-34552"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22815"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22816"}],"related":["CVE-2020-35654","CVE-2021-23437","CVE-2021-25289","CVE-2021-25290","CVE-2021-25292","CVE-2021-25293","CVE-2021-27921","CVE-2021-27922","CVE-2021-27923","CVE-2021-34552",
"CVE-2022-22815","CVE-2022-22816"],"summary":"Security update for python-Pillow","upstream":["CVE-2020-35654","CVE-2021-23437","CVE-2021-25289","CVE-2021-25290","CVE-2021-25292","CVE-2021-25293","CVE-2021-27921","CVE-2021-27922","CVE-2021-27923","CVE-2021-34552","CVE-2022-22815","CVE-2022-22816"]}