Bugzilla – Bug 1222262
VUL-0: CVE-2024-28219: python-Pillow: buffer overflow in _imagingcms.c
Last modified: 2024-05-13 08:48:52 UTC
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28219 https://bugzilla.redhat.com/show_bug.cgi?id=2272563 https://www.cve.org/CVERecord?id=CVE-2024-28219 https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
This is an autogenerated message for OBS integration: This bug (1222262) was mentioned in https://build.opensuse.org/request/show/1164299 Factory / python-Pillow
Fixing commit: https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061 (related PR is https://github.com/python-pillow/Pillow/pull/7928)
SUSE-SU-2024:1154-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1222262 CVE References: CVE-2024-28219 Maintenance Incident: [SUSE:Maintenance:33217](https://smelt.suse.de/incident/33217/) Sources used: openSUSE Leap 15.3 (src): python-Pillow-7.2.0-150300.3.9.1 openSUSE Leap 15.5 (src): python-Pillow-7.2.0-150300.3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1268-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1222262 CVE References: CVE-2024-28219 Maintenance Incident: [SUSE:Maintenance:33207](https://smelt.suse.de/incident/33207/) Sources used: HPE Helion OpenStack 8 (src): venv-openstack-horizon-hpe-12.0.5~dev6-14.58.2, python-Pillow-4.2.1-3.29.2 SUSE OpenStack Cloud 8 (src): venv-openstack-horizon-12.0.5~dev6-14.58.2, python-Pillow-4.2.1-3.29.2 SUSE OpenStack Cloud Crowbar 8 (src): python-Pillow-4.2.1-3.29.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1267-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1222262 CVE References: CVE-2024-28219 Maintenance Incident: [SUSE:Maintenance:33203](https://smelt.suse.de/incident/33203/) Sources used: SUSE OpenStack Cloud 9 (src): venv-openstack-horizon-14.1.1~dev11-4.55.2, python-Pillow-5.2.0-3.26.2 SUSE OpenStack Cloud Crowbar 9 (src): python-Pillow-5.2.0-3.26.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1258-1: An update that solves one vulnerability and has one security fix can now be installed. Category: security (important) Bug References: 1222262, 1222553 CVE References: CVE-2024-28219 Maintenance Incident: [SUSE:Maintenance:33206](https://smelt.suse.de/incident/33206/) Sources used: SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): python-Pillow-9.5.0-150400.5.15.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): python-Pillow-9.5.0-150400.5.15.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): python-Pillow-9.5.0-150400.5.15.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): python-Pillow-9.5.0-150400.5.15.1 openSUSE Leap 15.4 (src): python-Pillow-9.5.0-150400.5.15.1 openSUSE Leap 15.5 (src): python-Pillow-9.5.0-150400.5.15.1 Python 3 Module 15-SP5 (src): python-Pillow-9.5.0-150400.5.15.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): python-Pillow-9.5.0-150400.5.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.