CVE-2026-42310

MEDIUM SEVERITY

Vulnerability Description

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.

Vulnerability Details

Published Date

May 04, 2026

Last Modified

May 09, 2026

CWE ID

CWE-835

Source

GitHub

Vendor

pip

Product

pillow

External References

https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7
https://github.com/python-pillow/Pillow/pull/9519
https://github.com/advisories/GHSA-r73j-pqj5-w3x7

CVE-2026-42310

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment