CVE-2026-25990

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H                                    

Vulnerability Description

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Vulnerability Details

Published Date

February 11, 2026

Last Modified

February 13, 2026

CWE ID

CWE-787

Source

GitHub

Vendor

pip

Product

pillow

External References

https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
https://github.com/python-pillow/Pillow/pull/9427
https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199
https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html
https://github.com/advisories/GHSA-cfh3-3jmp-rvhc

CVE-2026-25990

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment