ALT-PU-2024-6710-1
Package python3-module-Pillow updated to version 10.3.0-alt1 for branch sisyphus in task 345237.
Closed vulnerabilities
Published: 2024-04-03
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2024-28219
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
References:
- [debian-lts-announce] 20240410 [SECURITY] [DLA 3786-1] pillow security update
- [debian-lts-announce] 20240410 [SECURITY] [DLA 3786-1] pillow security update
- FEDORA-2024-e4b1b4eab1
- FEDORA-2024-e4b1b4eab1
- https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
- https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security