2 matches found
CVE-2026-59204
Affected software: Pillow (Python imaging library). Vulnerability details: In Pillow versions 8.2.0–12.2.0, the decoder path in src/libImaging/Jpeg2KDecode.c aggregates total_component_width across every tile of a JPEG2000 image instead of recomputing per tile. This can cause a crafted tiled JPEG...
CVE-2026-59204 Pillow JPEG2000 tiled decode retains a growing scratch buffer and can be used for denial of service
Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates totalcomponentwidth across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled JPEG2000 file to force substantially higher transient memory usage and...