pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image

A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure...

ROOT-APP-PYPI-CVE-2026-42311 CVE-2026-42311 in rootio-pillow - Patched by Root

Root has patched CVE-2026-42311 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-40192 CVE-2026-40192 in rootio-pillow - Patched by Root

Root has patched CVE-2026-40192 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-25990 CVE-2026-25990 in rootio-pillow - Patched by Root

Root has patched CVE-2026-25990 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2023-44271 CVE-2023-44271 in rootio-pillow - Patched by Root

Root has patched CVE-2023-44271 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2023-50447 CVE-2023-50447 in rootio-pillow - Patched by Root

Root has patched CVE-2023-50447 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2023-4863 CVE-2023-4863 in rootio-pillow - Patched by Root

Root has patched CVE-2023-4863 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-42308 CVE-2026-42308 in rootio-pillow - Patched by Root

Root has patched CVE-2026-42308 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-42310 CVE-2026-42310 in rootio-pillow - Patched by Root

Root has patched CVE-2026-42310 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

CVE-2026-54236

CVE-2026-54236 affects vLLM versions before 0.23.1rc0. Five code paths bypass the sanitize_message global exception handler, leaking heap addresses via exception messages: (1) Anthropic API router POST /v1/messages and POST /v1/messages/count_tokens (vllm/entrypoints/anthropic/api_router.py), (2)...

Astra Linux – Vulnerability in pillow

In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for an ICNS container. As a result, a memory allocation attempt can be quite large...

Astra Linux – Vulnerability in pillow

In versions 8.2.0 and earlier of Pillow, as well as versions 1.1.7 and earlier of PIL Python Imaging Library, an attacker can pass controlled parameters directly into the convert function, thereby triggering a buffer overflow in Convert.c...

Astra Linux – Vulnerability in pillow

In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for an ICO container. As a result, a memory allocation attempt can be quite large...

Astra Linux – Vulnerability in pillow

In version 9.0.1, Pillow allows attackers to delete files because spaces in temporary pathnames are mishandled...

Astra Linux – Vulnerability in pillow

A issue was discovered in Pillow before version 8.1.1. The PDF parser allows a regular expression DoS ReDoS attack through a crafted PDF file due to a catastrophic backtracking in the regex...

Astra Linux – Vulnerability in pillow

In Pillow before 8.1.0, PcxDecode has a buffer over-reading issue when decoding a crafted PCX file, because the user-supplied stride value is trusted for buffer calculations...

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

Important: Red Hat Security Advisory: Satellite 6.16.9 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

PT-2026-50491

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description An incomplete fix for a previous memory leak issue allows unauthenticated attackers to leak heap memory addresses. The system fails to properly sanitize error messages in several response paths,...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192

Summary IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40192 DESCRIPTION: Pillow is a Python imaging...