Python-pillow Pillow
7 CVEs affecting Python-pillow Pillow. Latest disclosed: 2026-05-09. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42311 | High | 7.8 | 2026-05-09 | Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially… |
| CVE-2026-25990 | High | 7.5 | 2026-02-11 | Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vuln… |
| CVE-2025-48379 | High | 7.1 | 2025-07-01 | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with d… |
| CVE-2026-42310 | Medium | 5.5 | 2026-05-09 | Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefin… |
| CVE-2026-42309 | Medium | 5.5 | 2026-05-09 | Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as I… |
| CVE-2026-42308 | Medium | 5.5 | 2026-05-09 | Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the cur… |
| CVE-2026-40192 | | | 2026-04-15 | Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making the… |