Lucene search
K

4 matches found

NVD
NVD
added 2026/05/09 6:16 a.m.21 views

CVE-2026-42308

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...

5.5CVSS0.00114EPSS
Exploits0References2
CVE
CVE
added 2026/05/09 4:9 a.m.55 views

CVE-2026-42308

Pillow CVE-2026-42308 describes an integer overflow in font handling that occurs when a glyph advances by an excessively large amount. Affected is Pillow before version 12.2.0; the issue is resolved in 12.2.0. The CVSS vector indicates local, low complexity access with no privileges required and ...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.12 views

Pillow 输入验证错误漏洞

Pillow is an open-source image processing library developed by Pillow. Versions of Pillow prior to 12.2.0 contained a vulnerability related to input validation errors. This vulnerability could lead to integer overflow when the advancement of each character in the font was too large...

5.5CVSS7.2AI score0.00114EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/04 8:18 p.m.11 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound. An attacker can cause unexpected behavior by supplying a font where each glyph advances by an excessively large amount. Remediation Upgrade pillow to version 12.2.0 or higher. References - GitHub Advisory...

7.5CVSS5.8AI score0.00114EPSS
Exploits0References2
Rows per page
Query Builder