Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | pillow | 0, 1.0, 1.2 |
Timeline
- Sep 20, 2023 CVE Published
- Sep 25, 2023 CVE Updated
- Oct 5, 2023 PoC Published
- Apr 28, 2025 PoC Published
- Mar 7, 2026 Security Advisory
- Mar 7, 2026 Security Advisory
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
| Vendor | Product | Versions |
|---|---|---|
| PyPI | pillow | 0, 1.0, 1.2 |