2 matches found
CVE-2020-10571
The CVE-2020-10571 issue affects psd-tools prior to v1.9.4, where the Cython implementation of RLE decoding fails to validate input data. This can be triggered by malicious or malformed PSD input, with documented advisories describing a related buffer overflow scenario when the Cython path is use...
CVE-2026-27809
psd-tools (Python) prior to v1.12.2 is vulnerable when parsing PSD files with malformed RLE-compressed image data: decode_rle() can raise ValueError that was not caught, causing psd.composite() and psd-tools export to crash. The fix in v1.12.2 wraps the decode_rle() call in a try/except so that t...