More information about this security flaw is available in the following bug:

https://bugzilla.redhat.com/show_bug.cgi?id=2345671

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The CVE pertains to the iconv() implementation in musl-libc. The only known code from musl-libc in Pandas is a small set of C preprocessor macros in pandas/_libs/include/pandas/portable.h:

    // GH-23516 - works around locale perf issues
    // from MUSL libc, licence at LICENSES/MUSL_LICENSE
    #define isdigit_ascii(c) (((unsigned)(c) - '0') < 10u)
    #define getdigit_ascii(c, default) \
      (isdigit_ascii(c) ? ((int)((c) - '0')) : default)
    #define isspace_ascii(c) (((c) == ' ') || (((unsigned)(c) - '\t') < 5))
    #define toupper_ascii(c) ((((unsigned)(c) - 'a') < 26) ? ((c) & 0x5f) : (c))
    #define tolower_ascii(c) ((((unsigned)(c) - 'A') < 26) ? ((c) | 0x20) : (c))

Therefore, Pandas cannot be affected.