VDB

PYSEC-2023-175

PYSEC-2023-175 PUBLISHED

Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

Affected Products

VendorProductVersions
PyPIpillow0, 1.0, 1.2

Timeline

  • Sep 20, 2023 CVE Published
  • Sep 25, 2023 CVE Updated
  • Oct 5, 2023 PoC Published
  • Apr 28, 2025 PoC Published
  • Mar 7, 2026 Security Advisory
  • Mar 7, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›