Update dependency pillow to v12 [SECURITY] by renovate[bot] · Pull Request #28 · cybernetisk/okotools

renovate · 2024-10-03T21:48:11Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
pillow (changelog)	`==9.3.0` → `==12.2.0`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

libwebp: OOB write in BuildHuffmanTable

CVE-2023-4863 / GHSA-j7hp-h8jx-5ppr

More information

Details

Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Severity

CVSS Score: 8.8 / 10 (High)
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Pillow Denial of Service vulnerability

CVE-2023-44271 / GHSA-8ghj-p4vj-mr35

More information

Details

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

Severity

CVSS Score: 8.7 / 10 (High)
Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Arbitrary Code Execution in Pillow

CVE-2023-50447 / GHSA-3f63-hfp8-52jq

More information

Details

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

Severity

CVSS Score: 9.3 / 10 (Critical)
Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Pillow buffer overflow vulnerability

CVE-2024-28219 / GHSA-44wm-f244-xhp3

More information

Details

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Severity

CVSS Score: 7.3 / 10 (High)
Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Pillow has an integer overflow when processing fonts

CVE-2026-42308 / GHSA-wjx4-4jcj-g98j

More information

Details

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed.

Severity

CVSS Score: 5.1 / 10 (Medium)
Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

CVE-2026-42310 / GHSA-r73j-pqj5-w3x7

More information

Details

Impact

An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive.

Patches

Patched version: 12.2.0.

PdfParser (introduced in Pillow 4.2.0) follows Prev pointers in PDF trailers to read cross-reference sections. If a
trailer's Prev pointer references an offset that has already been processed — either pointing to itself or forming a
longer cycle — the parser enters an infinite loop. Pillow now tracks previously processed trailer offsets and raises an
error if a cycle is detected.

Workarounds

Use any version but the affected versions: >= 4.2.0, < 12.2.0

Resources

Fix: https://github.com/python-pillow/Pillow/pull/9519

Severity

CVSS Score: 5.1 / 10 (Medium)
Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

python-pillow/Pillow (pillow)

`v12.2.0`

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Update 12.2.0 release notes #9522 [@hugovk]
Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #9482 [@bitplane]
Update Python versions #9515 [@radarhere]
Jeffrey A. Clark -> Jeffrey 'Alex' Clark #9513 [@aclark4life]
Add release notes for #9394, #9419 and #9456 #9467 [@radarhere]
Add Amiga Workbench .info loader to 3rd party plugins list #9459 [@bitplane]
Merge PFM documentation into PPM #9434 [@radarhere]
Update macOS tested Pillow versions #9431 [@radarhere]
Fix CVE number #9430 [@hugovk]

Dependencies

Update xz to 5.8.3 #9523 [@radarhere]
Update libjpeg-turbo to 3.1.4.1 #9507 [@radarhere]
Update libpng to 1.6.56 #9499 [@radarhere]
Update freetype to 2.14.3 #9485 [@radarhere]
Updated libavif to 1.4.1 #9479 [@radarhere]
Updated harfbuzz to 13.2.1 #9461 [@radarhere]
Update Ghostscript to 10.7.0 #9469 [@radarhere]
Update harfbuzz to 13.0.1 #9453 [@radarhere]
Update libavif to 1.4.0 #9460 [@radarhere]
Update freetype to 2.14.2 #9449 [@radarhere]
Update actions/download-artifact action to v8 #9451 [@renovate[bot]]
Updated libpng to 1.6.55 #9425 [@radarhere]

Testing

Cleanup .spider extension in the same test where it is added #9517 [@radarhere]
Run tests in parallel via tox for 3.5x speedup #9516 [@hugovk]
Enable colour in CI logs #9486 [@hugovk]
Update Ghostscript to 10.7.0 #9469 [@radarhere]
Simplify TGA test code #9477 [@radarhere]
Update tests to check for ValueError when encoding an empty image #9464 [@radarhere]
Upgrade CI from macos-15-intel to macos-26-intel #9454 [@hugovk]
Add check-case-conflict hook #9446 [@radarhere]
Specify platform when pulling docker image #9440 [@radarhere]
GHA: Cache libavif and webp builds for Ubuntu #9437 [@hugovk]
Update macOS tested Pillow versions #9431 [@radarhere]

Other changes

Check calloc return value #9527 [@radarhere]
Check all allocs in the Arrow tree #9488 [@wiredfool]
Reject non-numeric elements inside list coords #9526 [@hugovk]
Move variable declaration inside define #9525 [@radarhere]
Resize tall images vertically first #9524 [@radarhere]
Avoid overflow by not adding extents together #9520 [@hugovk]
Use long for glyph position #9518 [@hugovk]
Raise an error if the trailer chain loops back on itself #9519 [@hugovk]
Only read as much data from gzip-decompressed data as necessary #9521 [@hugovk]
Allow None extents in C setimage() #9504 [@radarhere]
Use critical sections to protect FontObject #9498 [@colesbury]
Add ImageText.Text.wrap() to wrap text #9286 [@radarhere]
Always call StubHandler open() when opening StubImageFile #9412 [@radarhere]
Improved BCn overflow check #9043 [@radarhere]
Image will never be None #9512 [@radarhere]
Raise EOFError when seeking too far in PSD #9388 [@radarhere]
Raise error if ImageGrab subprocess gives non-zero returncode #9321 [@radarhere]
Allow for different palette entry sizes when correcting BMP pixel data offset #9472 [@radarhere]
Ignore unspecified extra samples for TIFF separate planar configuration #9514 [@radarhere]
Add PERF to lint and fix findings #9510 [@hugovk]
Switch iOS back to macos-15-intel #9509 [@radarhere]
Catch struct.error #9505 [@radarhere]
Check PyCapsule_GetPointer and PyBytes_FromStringAndSize return values #9508 [@radarhere]
Fix missing null dereference checks #9489 [@wiredfool]
CI: Retry failed downloads #9506 [@hugovk]
Use PyModule_AddObjectRef #9503 [@radarhere]
Release reference to encoder on error #9500 [@radarhere]
Fixed AVIF and WEBP dealloc #9501 [@radarhere]
Check PyType_Ready return values #9502 [@radarhere]
Check if PyObject_CallMethod result is NULL #9494 [@radarhere]
Do not use palette from grayscale or bilevel colorspace when reading JPEG2000 images #9468 [@radarhere]
If TGA v2 extension area specifies no alpha, fill alpha channel #9478 [@radarhere]
Set image pixels individually on 32-bit Windows #9492 [@radarhere]
Add error messages before returning NULL when encoding #9493 [@radarhere]
Fix _getxy refcount leaks #9487 [@hugovk]
Fix invalid test font #9483 [@radarhere]
Add Exif tag "FrameRate" #9470 [@zhiyuanouyang]
Support reading JPEG2000 images with CMYK palettes #9456 [@radarhere]
Simplify setimage() by always passing extents #9395 [@radarhere]
If bitmap buffer is empty, do not render anything #8324 [@radarhere]
Change to ValueError when encoding an empty image #9394 [@radarhere]
Add FontFile.to_imagefont() #9419 [@fjhenigman]
[pre-commit.ci] pre-commit autoupdate #9450 [@pre-commit-ci[bot]]
Use walrus operator #9448 [@radarhere]
Only close file handle in ImagePalette.save() if it was opened internally #9444 [@bysiber]
Fix self.decode typo #9445 [@bysiber]
Fix BMP RLE delta escape reading from wrong file position #9443 [@bysiber]
Correct error check when encoding AVIF images #9442 [@radarhere]
Fix unexpected error when saving zero dimension images #9391 [@radarhere]
Use uppercase format ID for PALM #9435 [@radarhere]

`v12.1.1`

Compare Source

`v12.1.0`

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

Deprecate getdata(), in favour of new get_flattened_data() #9292 [@radarhere]

Documentation

Specify APNG duration type when opening #9368 [@radarhere]
Added release notes for #9350 #9366 [@radarhere]
Update ImageMorph documentation #9349 [@radarhere]
Docs: update major bump cadence #9334 [@hugovk]
Add release notes for #9070 #9320 [@radarhere]
Updated Ubuntu version #9306 [@radarhere]
Update macOS tested Pillow versions #9265 [@radarhere]

Dependencies

Update harfbuzz to 12.3.0 #9355 [@radarhere]
Update xz to 5.8.2 #9343 [@radarhere]
Updated libjpeg-turbo to 3.1.3 #9333 [@radarhere]
Updated zlib-ng to 2.3.2 #9324 [@radarhere]
Updated libpng to 1.6.53 #9325 [@radarhere]
Update actions/checkout action to v6 #9323 [@renovate[bot]]
Update dependency mypy to v1.19.0 #9322 [@renovate[bot]]
Updated libpng to 1.6.51 #9305 [@radarhere]
Updated brotli to 1.2.0 #9284 [@radarhere]
Update libimagequant to 4.4.1 #9301 [@radarhere]
Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #9312 [@radarhere]
Updated harfbuzz to 12.2.0 #9289 [@radarhere]
Update github-actions #9277 [@renovate[bot]]

Testing

Replace pre-commit with prek #9360 [@hugovk]
Test PyQt6 on Python 3.14 on Windows #9353 [@radarhere]
Test 32-bit Windows on Windows Server 2022 #9345 [@radarhere]
Correct variable type #9335 [@radarhere]
Fix ResourceWarnings in selftest.py #9332 [@hugovk]
Fix testing good P mode BMP images #9319 [@radarhere]
Test Python 3.15 pre-release #9331 [@hugovk]
Test ImageFont.ImageFont, in case freetype2 is not supported #9287 [@radarhere]
Add Fedora 43 #9290 [@radarhere]
Remove Fedora 41 #9260 [@radarhere]

Type hints

Add ImageFile context manager #9367 [@radarhere]
Assert fp is not None #8617 [@radarhere]
Added return type to ImageFile _close_fp() #9356 [@radarhere]
Use different variables for Image and ImageFile instances #9316 [@radarhere]
Correct variable type #9335 [@radarhere]
Improve type hints #9317 [@radarhere]
Use different variables for Image and ImageFile instances #9268 [@radarhere]
Added type hints #9269 [@radarhere]
Correct getitem return type #9264 [@radarhere]

Other changes

Simplify band splitting #9291 [@radarhere]
Support saving APNG float durations #9365 [@radarhere]
Allow 1 mode images in MorphOp #9348 [@radarhere]
Use minimum supported Python version for Lint #9364 [@radarhere]
Allow for duplicate font variation styles #9362 [@radarhere]
Call parent verify method #9357 [@radarhere]
Return LUT from LutBuilder build_default_lut() #9350 [@radarhere]
Simplify WebP code #9329 [@radarhere]
Use unsigned long for DWORD #9352 [@radarhere]
Cast to UINT32 before shifting bits #9347 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #9318 [@pre-commit-ci[bot]]
Allow window ID to be passed to ImageGrab.grab() on macOS #9070 [@yankeguo]
Apply encoder options when saving multiple PNG frames #9300 [@radarhere]
Read all non-zero transparency from mode 1 PNG images as 255 #9282 [@radarhere]
Support writing IFD, SIGNED_RATIONAL and InkNames TIFF tags #9276 [@radarhere]
Remove unused modes #9275 [@radarhere]
Correct allocating new color to RGBA palette #9313 [@radarhere]
Close image on ImageFont exception #9304 [@radarhere]
Reapply "Use macos-latest for iOS arm64 simulator" #9259 [@radarhere]
Escape period in pre-commit-config #9036 [@radarhere]
Add Apache-2.0 notice to IcoImagePlugin #8947 [@stefan6419846]
[pre-commit.ci] pre-commit autoupdate #9288 [@pre-commit-ci[bot]]
Simplify code now that I;16* modes are the only IMAGING_TYPE_SPECIAL #9263 [@radarhere]
Remove BytesIO from DdsImagePlugin #9273 [@radarhere]
Fix ZeroDivisionError in DdsImagePlugin #9272 [@radarhere]
Fix warnings #9257 [@radarhere]

`v12.0.0`

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html

Removals

Remove support for FreeType <= 2.9.0 #9159 [@radarhere]
Drop support for Python 3.9 #9119 [@hugovk]
Remove deprecations for Pillow 12.0.0 #9053 [@radarhere]

Deprecations

Deprecate Image._show #9186 [@radarhere]
Deprecate ImageCmsProfile product_name and product_info #8995 [@lukegb]

Documentation

ImagingHistogramInstance can use two bands #9251 [@radarhere]
Update 12.0.0 release notes #9247 [@hugovk]
Added ImageDraw alpha channel examples #9201 [@radarhere]
Update Python version #9230 [@radarhere]
Updated macOS tested Pillow versions #9209 [@radarhere]
Add GitHub profile link to release notes #9197 [@radarhere]
Split versionadded info #9190 [@radarhere]
Document ImageFile.MAXBLOCK #9163 [@radarhere]
Updated macOS version in CI targets #9157 [@radarhere]
Fix typos #9135 [@radarhere]
Added "Colors" to concepts #9067 [@radarhere]
Update macOS tested Pillow versions #9068 [@radarhere]
Thanks, folks! #9056 [@aclark4life]
Setup nit: "fork" should be lowercased #9055 [@aclark4life]

Dependencies

Update dependency cibuildwheel to v3.2.1 #9246 [@renovate[bot]]
[pre-commit.ci] pre-commit autoupdate #9233 [@pre-commit-ci[bot]]
Update harfbuzz to 12.1.0 #9218 [@radarhere]
Update libtiff to 4.7.1 #9222 [@radarhere]
Update FreeType to 2.14.1 on macOS and Linux wheels #9217 [@radarhere]
Update dependency cibuildwheel to v3.2.0 #9219 [@renovate[bot]]
Update Ghostscript to 10.6.0 #9202 [@radarhere]
Update openjpeg to 2.5.4 #9215 [@radarhere]
Update harfbuzz to 11.5.0 #9203 [@radarhere]
Update dependency mypy to v1.18.2 #9213 [@renovate[bot]]
Update dependency mypy to v1.18.1 #9207 [@renovate[bot]]
Update github-actions #9194 [@renovate[bot]]
Updated harfbuzz to 11.4.5 #9150 [@radarhere]
Update zlib-ng to 2.2.5 #9140 [@radarhere]
Update raqm to 0.10.3 #9137 [@radarhere]
Update libjpeg-turbo to 3.1.2 #9188 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #9180 [@pre-commit-ci[bot]]
Update dependency cibuildwheel to v3.1.4 #9164 [@renovate[bot]]
Update actions/checkout action to v5 #9156 [@renovate[bot]]
Update actions/download-artifact action to v5 #9141 [@renovate[bot]]
Updated harfbuzz to 11.3.3 #9103 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #9131 [@pre-commit-ci[bot]]
Updated libimagequant to 4.4.0 #9074 [@radarhere]
Update dependency mypy to v1.17.1 #9130 [@renovate[bot]]
Update dependency cibuildwheel to v3.1.3 #9129 [@renovate[bot]]
Update dependency cibuildwheel to v3.1.2 #9118 [@renovate[bot]]
Updated libpng to 1.6.50 #9058 [@radarhere]
Update cygwin/cygwin-install-action action to v6 #9108 [@renovate[bot]]
Update dependency mypy to v1.17.0 #9092 [@renovate[bot]]
Updated libwebp to 1.6.0 #9082 [@radarhere]
Update dependency cibuildwheel to v3.0.1 #9075 [@renovate[bot]]
[pre-commit.ci] pre-commit autoupdate #9073 [@pre-commit-ci[bot]]

Testing

Check return types #9045 [@radarhere]
Upgrade from

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

Branch creation
- ""
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate Bot force-pushed the renovate/pypi-pillow-vulnerability branch from 2d4f5cc to 257229b Compare August 13, 2025 23:33

renovate Bot force-pushed the renovate/pypi-pillow-vulnerability branch from 257229b to d2ff26a Compare March 14, 2026 21:21

Update dependency pillow to v12 [SECURITY]

1808708

renovate Bot force-pushed the renovate/pypi-pillow-vulnerability branch from d2ff26a to 1808708 Compare May 7, 2026 00:00

renovate Bot changed the title ~~Update dependency pillow to v10 [SECURITY]~~ Update dependency pillow to v12 [SECURITY] May 7, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency pillow to v12 [SECURITY]#28

Update dependency pillow to v12 [SECURITY]#28
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/pypi-pillow-vulnerability

renovate Bot commented Oct 3, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented Oct 3, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

libwebp: OOB write in BuildHuffmanTable

Details

Severity

References

Pillow Denial of Service vulnerability

Details

Severity

References

Arbitrary Code Execution in Pillow

Details

Severity

References

Pillow buffer overflow vulnerability

Details

Severity

References

Pillow has an integer overflow when processing fonts

Details

Severity

References

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

Details

Impact

Patches

Workarounds

Resources

Severity

References

Release Notes

v12.2.0

Documentation

Dependencies

Testing

Other changes

v12.1.1

v12.1.0

Deprecations

Documentation

Dependencies

Testing

Type hints

Other changes

v12.0.0

Removals

Deprecations

Documentation

Dependencies

Testing

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate Bot commented Oct 3, 2024 •

edited

Loading

`v12.2.0`

`v12.1.1`

`v12.1.0`

`v12.0.0`