VulnerableCode Vulnerability Details - VCID-eg5e-mp5q-yyf5

Search for vulnerabilities

Vulnerability details: VCID-eg5e-mp5q-yyf5

Essentials
Severities (0)
References (3)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-eg5e-mp5q-yyf5
Aliases	PYSEC-2023-175
Summary	Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
Status	Published
Exploitability	0.5
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
		https://nvd.nist.gov/vuln/detail/CVE-2023-4863
		https://nvd.nist.gov/vuln/detail/CVE-2023-5129

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:27:40.678957+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-175.yaml	37.0.0