Buffer overflow in Python Pillow

CVE-2026-59205

Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's…

Vulnerability class: Buffer Overflow

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-59205?
CVE-2026-59205 is a high-severity vulnerability in Python Pillow, classified under Out-of-bounds Write. CVSS score: 7.5/10. Published 2026-07-14.
How severe is CVE-2026-59205?
High severity. CVSS v3 base score is 7.5 out of 10.