CVE-2026-59198
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
Summary
Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| python-pillow | Pillow | >= 5.2.0, < 12.3.0 | affected |
Weaknesses
- CWE-125: CWE-125: Out-of-bounds Read
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://github.com/python-pillow/Pillow/security/advisories/GHSA-fj7v-r99m-22gq
- https://github.com/python-pillow/Pillow/pull/9709
- https://github.com/python-pillow/Pillow/commit/eada3cbd7fb9963ee90673fb7b5270124a0d5f4b
- https://github.com/python-pillow/Pillow/releases/tag/12.3.0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.