Vulnerability Database

296,523

Total vulnerabilities in the database

Bundled libwebp in Pillow vulnerable

Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

Published: Oct 5, 2023
Updated: Oct 5, 2023
GHSA: GHSA-56pw-mpj4-fxww
Severity: High
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
Pillow	-	10.0.1

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml
https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo