Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-10-05T00:06:58Z" }