3 matches found
CVE-2026-25990
CVE-2026-25990: Pillow (Python Imaging Library) contains an out-of-bounds write when loading a specially crafted PSD image. Affected versions are 10.3.0 up to before 12.1.1; the issue is fixed in 12.1.1. The provided documents do not specify exploit status or in-the-wild details beyond this fix.
CVE-2026-40192
Pillow (Python imaging library) versions 10.3.0–12.1.1 are affected by a FITS-related decompression bomb: unbounded memory consumption from GZIP data during decoding, potentially leading to DoS. A fix is available in Pillow 12.2.0; if upgrading isn't possible, users should avoid opening FITS imag...
CVE-2026-42311
CVE-2026-42311 affects the Pillow Python imaging library. From version 10.3.0 up to, but not including, 12.2.0, processing a malicious PSD file can trigger an out-of-bounds/invalid PSD tile extents write, leading to memory corruption with potential crash or arbitrary code execution. The issue has...