CVE-2026-42311

Summary

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.

Affected Software

VendorProductVersion RangeStatus
python-pillowPillow>= 10.3.0, < 12.2.0affected

Weaknesses

  • CWE-190: CWE-190: Integer Overflow or Wraparound
  • CWE-787: CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References