{"schema_version":"1.7.2","id":"OESA-2026-2428","modified":"2026-05-22T13:21:54Z","published":"2026-05-22T13:21:54Z","upstream":["CVE-2026-42311"],"summary":"python-pillow security update","details":"Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \\ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift.    of CVE-2022-22815,CVE-2022-22816)\r\n\r\nSecurity Fix(es):\n\nPillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.(CVE-2026-42311)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"python-pillow","purl":"pkg:rpm/openEuler/python-pillow&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.3.0-5.oe2403"}]}],"ecosystem_specific":{"aarch64":["python-pillow-debuginfo-10.3.0-5.oe2403.aarch64.rpm","python-pillow-debugsource-10.3.0-5.oe2403.aarch64.rpm","python3-pillow-10.3.0-5.oe2403.aarch64.rpm","python3-pillow-devel-10.3.0-5.oe2403.aarch64.rpm","python3-pillow-qt-10.3.0-5.oe2403.aarch64.rpm","python3-pillow-tk-10.3.0-5.oe2403.aarch64.rpm"],"noarch":["python3-pillow-help-10.3.0-5.oe2403.noarch.rpm"],"src":["python-pillow-10.3.0-5.oe2403.src.rpm"],"x86_64":["python-pillow-debuginfo-10.3.0-5.oe2403.x86_64.rpm","python-pillow-debugsource-10.3.0-5.oe2403.x86_64.rpm","python3-pillow-10.3.0-5.oe2403.x86_64.rpm","python3-pillow-devel-10.3.0-5.oe2403.x86_64.rpm","python3-pillow-qt-10.3.0-5.oe2403.x86_64.rpm","python3-pillow-tk-10.3.0-5.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2428"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42311"}],"database_specific":{"severity":"High"}}