
136 matches found

IBM Security Bulletins
added 2026/05/27 3:1 p.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-25990

Summary IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-25990. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging...

CVSS 8.6 | AI score 6.7 | EPSS 0.00014
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2026/05/26 12:0 a.m. | 7 views

RHEL 9 : gimp (RHSA-2026:20691)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20691 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

CVSS 7.8 | AI score 7.5 | EPSS 0.00074
Exploits: 1 | References: 12

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in exiv2

In Exiv2 0.26, the Exiv2::IptcParser::decode function in iptc.cpp called from psdimage.cpp in the PSD image reader may experience a denial of service attack due to a heap-based buffer overflow, caused by an integer overflow occurring through a specially crafted PSD image file...

CVSS 6.5 | AI score 6.8 | EPSS 0.02159
Exploits: 0 | References: 2

Tenable Nessus
added 2026/05/14 12:0 a.m. | 4 views

RockyLinux 9 : gimp (RLSA-2026:16484)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16484 advisory. gimp: GIMP: Memory disclosure and denial of service via specially crafted PCX image CVE-2026-4887 gimp: GIMP: Remote Code Execution via XPM File Parsing...

CVSS 7.8 | AI score 7.6 | EPSS 0.00074
Exploits: 1 | References: 13

Github Security Blog
added 2026/05/04 8:20 p.m. | 5 views

Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)

Impact Processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. Patches Patched version: 12.2.0 Pillow 12.1.1 addressed CVE-2026-25990 by adding checks for tile extents in PSD image decoding/encoding to prevent an out-of-bounds...

CVSS 8.6 | AI score 6.9 | EPSS 0.0002
Exploits: 1 | References: 7 | Affected Software: 1

Snyk
added 2026/05/04 8:20 p.m. | 5 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the setimage functions in encode.c and decode.c, which are exploitable via Image.open. An attacker can execute arbitrary code by supplying a malicious PSD image file with tile dimensions that trigger integer...

CVSS 8.6 | AI score 7.2 | EPSS 0.0002
Exploits: 1 | References: 3

OSV
added 2026/04/29 9:46 a.m. | 3 views

CLSA-2026-1777455968 exiv2: Fix of CVE-2026-27631

CVE-2026-27631: fix integer overflow in preview component of PSD image parser...

CVSS 6.9 | AI score 5.9 | EPSS 0.00038
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/04/16 7:34 a.m. | 13 views

Security Bulletin: IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990.

Summary IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID: CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging library. From 10.3.0 to...

CVSS 8.6 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2026/04/05 12:0 a.m. | 1 views

openSUSE 16 Security Update : python-Pillow (openSUSE-SU-2026:20458-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20458-1 advisory. - CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image. bsc1258125 Tenable has extracted the preceding description...

CVSS 8.6 | AI score 6.8 | EPSS 0.00014
Exploits: 1 | References: 3

OPENSUSE Linux
added 2026/04/04 12:0 a.m. | 1 views

Security update for python-Pillow (important)

openSUSE security update: security update for python-pillow. Announcement ID: openSUSE-SU-2026:20458-1; Rating: important; References: bsc1258125; Cross-References: CVE-2026-25990; CVSS scores: CVE-2026-25990 SUSE: 7.5...

CVSS 8.7 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 1

OSV
added 2026/04/01 2:58 p.m. | 2 views

SUSE-SU-2026:20992-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image. bsc1258125...

CVSS 8.6 | AI score 6.1 | EPSS 0.00014
Exploits: 1 | References: 3

OSV
added 2026/04/01 2:57 p.m. | 2 views

OPENSUSE-SU-2026:20458-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues: - CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image. bsc1258125...

CVSS 8.6 | AI score 6.1 | EPSS 0.00014
Exploits: 1 | References: 2

RedHat Linux
added 2026/03/31 4:23 p.m. | 5 views

pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image

A flaw was found in the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure...

CVSS 8.6 | AI score 6.4 | EPSS 0.00014
Exploits: 1 | References: 6

RedHat Linux
added 2026/03/31 4:12 p.m. | 1 views

pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image

A flaw was found in the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure...

CVSS 8.6 | AI score 6.6 | EPSS 0.00014
Exploits: 1 | References: 6

OSV
added 2026/03/16 2:18 p.m. | 0 views

CVE-2026-26246

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

CVSS 4.3 | AI score 5.9
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/06 12:0 a.m. | 4 views

Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2026-1452)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1452 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-2599...

CVSS 8.6 | AI score 6.1 | EPSS 0.00014
Exploits: 1 | References: 4

SUSE CVE
added 2026/02/13 12:24 a.m. | 5 views

SUSE CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...

CVSS 7.5 | AI score 6.6 | EPSS 0.00014
Exploits: 1 | References: 4

OSV
added 2026/02/13 12:0 a.m. | 1 views

UBUNTU-CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...

CVSS 8.6 | AI score 6.7 | EPSS 0.00014
Exploits: 1 | References: 5

UbuntuCve
added 2026/02/13 12:0 a.m. | 4 views

CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...

CVSS 8.6 | AI score 6.7 | EPSS 0.00014
Exploits: 1 | References: 4

NVD
added 2026/02/11 9:16 p.m. | 4 views

CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...

CVSS 8.6 | EPSS 0.00014
Exploits: 1 | References: 3