2 matches found
CVE-2026-55380 Pillow GdImageFile decompression bomb protection bypass
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...
CVE-2026-55380
Pillow (Python imaging library) vulnerability: Prior to 12.3.0, in GdImageFile._open(), image dimensions were read from the GD 2.x header and stored in self._size without invoking Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation. Impact: potent...