PYSEC-2023-175

Published Sep 20, 2023 · Modified Feb 4, 2026

Description

Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

References

ADVISORY https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-5129
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-4863

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes