Out-of-bounds Read in Python-pillow Pillow

CVE-2026-54058

Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row wi…

Vulnerability class: Buffer Overflow

Affected products

Weakness classification (CWE)

References