UbuntuUpdates.org

Package "python3-pil.imagetk"

Name: python3-pil.imagetk

Description:

Python Imaging Library - ImageTk Module (Python3)

Latest version: 10.2.0-1ubuntu1.2
Release: noble (24.04)
Level: updates
Repository: universe
Head package: pillow
Homepage: http://python-pillow.github.io/


Other versions of "python3-pil.imagetk" in Noble

Repository  Area      Version
base        universe  10.2.0-1build1
security    universe  10.2.0-1ubuntu1.2
proposed    universe  10.2.0-1ubuntu1.1

Changelog

Version: 10.2.0-1ubuntu1.2 2026-06-08 17:07:42 UTC

  pillow (10.2.0-1ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: integer overflow via large font advances
    - debian/patches/CVE-2026-42308.patch: Use long for glyph position in
      src/_imagingft.c.
    - CVE-2026-42308
  * SECURITY UPDATE: DoS via malicious PDF
    - debian/patches/CVE-2026-42310.patch: Raise an error if the trailer chain
      loops back on itself in src/PIL/PdfParser.py.
    - CVE-2026-42310

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 13:41:17 -0400

CVE-2026-42308 Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track
CVE-2026-42310 Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to ha

Version: 10.2.0-1ubuntu1 2024-04-29 13:07:05 UTC

  pillow (10.2.0-1ubuntu1) noble; urgency=medium

  * SECURITY UPDATE: Buffer overflow in imagingcms.c
    - debian/patches/CVE-2024-28219.patch: Use strncpy
    to avoid buffer overflow
    - CVE-2024-28219

 -- Nick Galanis <email address hidden> Mon, 15 Apr 2024 15:10:42 +0100

CVE-2024-28219 In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.


