This advisory has been withdrawn because it is a duplicate of GHSA-56pw-mpj4-fxww. This link is maintained to preserve external references.
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
{ "cwe_ids": [], "nvd_published_at": null, "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2023-10-05T00:06:58Z" }