Lucene search
K

16 matches found

CVE
CVE
added 2026/02/11 8:53 p.m.68 views

CVE-2026-25990

CVE-2026-25990 : Pillow (Python Imaging Library) contains an out-of-bounds write when loading a specially crafted PSD image. Affected versions are 10.3.0 up to before 12.1.1; the issue is fixed in 12.1.1. The provided documents do not specify exploit status or in-the-wild details beyond this fix.

8.6CVSS6.4AI score0.00367EPSS
CVE
CVE
added 2026/04/15 10:53 p.m.63 views

CVE-2026-40192

Pillow (Python imaging library) versions 10.3.0–12.1.1 are affected by a FITS-related decompression bomb: unbounded memory consumption from GZIP data during decoding, potentially leading to DoS. A fix is available in Pillow 12.2.0; if upgrading isn’t possible, users should avoid opening FITS imag...

8.7CVSS5.8AI score0.00671EPSS
CVE
CVE
added 2026/05/09 4:9 a.m.60 views

CVE-2026-42308

Pillow CVE-2026-42308 describes an integer overflow in font handling that occurs when a glyph advances by an excessively large amount. Affected is Pillow before version 12.2.0; the issue is resolved in 12.2.0. The CVSS vector indicates local, low complexity access with no privileges required and ...

5.5CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/05/09 4:10 a.m.57 views

CVE-2026-42310

CVE-2026-42310 affects the Pillow Python imaging library. The vulnerability lies in the PdfParser logic: Pdf trailers’ Prev pointers can reference already-processed offsets, creating a cycle that causes an infinite loop and 100% CPU usage, potentially hanging the process. Affected versions are Pi...

5.5CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/05/09 4:11 a.m.29 views

CVE-2026-42311

CVE-2026-42311 affects the Pillow Python imaging library. From version 10.3.0 up to, but not including, 12.2.0, processing a malicious PSD file can trigger an out-of-bounds/invalid PSD tile extents write, leading to memory corruption with potential crash or arbitrary code execution. The issue has...

8.6CVSS6AI score0.0015EPSS
CVE
CVE
added 2026/07/06 6:46 p.m.27 views

CVE-2026-54059

Pillow (Python imaging library) contains CVE-2026-54059. The vulnerability affects PcfFontFile._load_bitmaps(), which reads glyph dimensions from the PCF METRICS section and passes them to Image.frombytes() without calling Image._decompression_bomb_check(). This can lead to excessive memory alloc...

7.5CVSS6AI score0.00354EPSS
CVE
CVE
added 2026/05/09 4:8 a.m.25 views

CVE-2026-42309

CVE-2026-42309 affects the Pillow Python imaging library. From 11.2.1 up to 11.2.x before 12.2.0, passing nested lists as coordinates to APIs like ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line could cause a heap-based buffer overflow because nested coordinates were rec...

5.5CVSS5.8AI score0.00133EPSS
CVE
CVE
added 2026/07/06 6:52 p.m.21 views

CVE-2026-55379

Pillow (Python imaging library) is affected by CVE-2026-55379. In older releases, PIL/BdfFontFile.py:bdf_char() read BBX width/height from a BDF font and passed attacker-controlled values to Image.new() without invoking Image._decompression_bomb_check(), bypassing the library’s decompression bomb...

7.5CVSS6AI score0.00364EPSS
CVE
CVE
added 2026/07/06 6:50 p.m.18 views

CVE-2026-55380

Pillow (Python imaging library) vulnerability: Prior to 12.3.0, in GdImageFile._open(), image dimensions were read from the GD 2.x header and stored in self._size without invoking Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation. Impact: potent...

7.5CVSS6AI score0.00361EPSS
CVE
CVE
added 2026/07/06 6:49 p.m.15 views

CVE-2026-54060

The issue affects Pillow (Python imaging library). In FontFile.compile(), per-glyph images were assembled into a single bitmap using Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), enabling an attacker to trigger excessive memory allocation during conversion or s...

7.5CVSS6AI score0.00361EPSS
CVE
CVE
added 2026/07/06 6:44 p.m.15 views

CVE-2026-55798

Pillow vulnerability CVE-2026-55798 affects WindowsViewer.get_command() in Pillow prior to 12.3.0. It builds a shell command by unescaped file path injected into an f-string and passes it to subprocess.Popen(..., shell=True), enabling injection of arbitrary cmd.exe commands. Impact is limited to ...

4.5CVSS6AI score0.00136EPSS
CVE
CVE
added yesterday8 views

CVE-2026-59204

Affected software: Pillow (Python imaging library). Vulnerability details: In Pillow versions 8.2.0–12.2.0, the decoder path in src/libImaging/Jpeg2KDecode.c aggregates total_component_width across every tile of a JPEG2000 image instead of recomputing per tile. This can cause a crafted tiled JPEG...

8.7CVSS6.1AI score
CVE
CVE
added yesterday6 views

CVE-2026-59198

Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0.

7.5CVSS6.1AI score
CVE
CVE
added yesterday6 views

CVE-2026-59203

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek backwards to the same directive and parse it repeatedly in an infini...

7.5CVSS6.1AI score
CVE
CVE
added yesterday5 views

CVE-2026-59199

Pillow (Python imaging library) prior to 12.3.0 is affected by a heap out-of-bounds write in public image coordinate APIs when coordinates near signed 32-bit limits are provided to Image.paste(), Image.crop(), or Image.alpha_composite(). The issue is fixed in 12.3.0. Affected component: Pillow’s ...

7.5CVSS6.1AI score
CVE
CVE
added yesterday5 views

CVE-2026-59205

Pillow (Python imaging library) contains a vulnerability in ImageCmsTransform.apply(im, imOut): before version 12.3.0, supplying an output image whose mode does not match the transform’s declared output mode can trigger a controlled native heap corruption. Affected component is ImageCmsTransform....

7.5CVSS6.1AI score