A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution.
Package | dev-python/pillow on all architectures |
---|---|
Affected versions | < 10.3.0 |
Unaffected versions | >= 10.3.0 |
The friendly PIL fork.
A vulnerability has been discovered in Pillow. Please review the CVE identifier referenced below for details.
Please review the referenced CVE identifier for details.
There is no known workaround at this time.
All Pillow users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-python/pillow-10.3.0"
Release date
November 17, 2024
Latest revision
November 17, 2024: 1
Severity
high
Exploitable
local and remote
Bugzilla entries