CVE-2026-42308

MEDIUM SEVERITY

Vulnerability Description

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

Vulnerability Details

Published Date

May 04, 2026

Last Modified

May 09, 2026

CWE ID

CWE-190

Source

GitHub

Vendor

pip

Product

pillow

External References

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
https://github.com/advisories/GHSA-wjx4-4jcj-g98j

CVE-2026-42308

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment