UbuntuUpdates.org

Package "pillow"

Name: pillow

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Python Imaging Library - ImageTk Module (Python3)
Latest version: 10.2.0-1ubuntu1.2
Release: noble (24.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "pillow" in Noble

Repository Area Version
base universe 10.2.0-1build1
base main 10.2.0-1build1
security main 10.2.0-1ubuntu1.2
updates main 10.2.0-1ubuntu1.2
updates universe 10.2.0-1ubuntu1.2
proposed main 10.2.0-1ubuntu1.1
proposed universe 10.2.0-1ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.2.0-1ubuntu1.2 2026-06-08 14:08:08 UTC

  pillow (10.2.0-1ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: integer overflow via large font advances
    - debian/patches/CVE-2026-42308.patch: Use long for glyph position in
      src/_imagingft.c.
    - CVE-2026-42308
  * SECURITY UPDATE: DoS via malicious PDF
    - debian/patches/CVE-2026-42310.patch: Raise an error if the trailer chain
      loops back on itself in src/PIL/PdfParser.py.
    - CVE-2026-42310

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 13:41:17 -0400
Source diff to previous version
CVE-2026-42308 Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track
CVE-2026-42310 Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to ha

Version: 10.2.0-1ubuntu1 2024-04-29 12:07:03 UTC

  pillow (10.2.0-1ubuntu1) noble; urgency=medium

  * SECURITY UPDATE: Buffer overflow in imagingcms.c
    - debian/patches/CVE-2024-28219.patch: Use strncpy
    to avoid buffer overflow
    - CVE-2024-28219

 -- Nick Galanis <email address hidden> Mon, 15 Apr 2024 15:10:42 +0100
CVE-2024-28219 In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.


About   -   Send Feedback to @ubuntu_updates