CVE-2026-42311

HIGH SEVERITY

Vulnerability Description

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.

Vulnerability Details

Published Date

May 04, 2026

Last Modified

May 09, 2026

CWE ID

CWE-190

Source

GitHub

Vendor

pip

Product

pillow

External References

https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr
https://github.com/python-pillow/Pillow/pull/9520
https://github.com/advisories/GHSA-pwv6-vv43-88gr

CVE-2026-42311

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment