Search CVE reports


Toggle filters

1 – 10 of 58 results


CVE-2026-59200

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding the decompressed output size,...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-59197

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter()...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-54058

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-59205

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-59204

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-59203

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-59199

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-59198

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-55798

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-55380

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages