Search CVE reports


Toggle filters

1 – 10 of 70 results


CVE-2026-55798

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-55380

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-55379

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-54060

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(),...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-54059

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-42311

Medium priority

Some fixes available 2 of 3

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Not affected Not affected Not affected Not affected
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-42310

Medium priority

Some fixes available 4 of 9

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Fixed Fixed Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-42309

Medium priority
Fixed

Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Not affected Not affected Not affected Not affected
pillow-python2 Not in release Not in release Not in release Not affected
Show less packages

CVE-2026-42308

Medium priority

Some fixes available 4 of 9

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Fixed Fixed Needs evaluation Needs evaluation
pillow-python2 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2026-40192

Medium priority
Fixed

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Not affected Not affected Not affected Not affected
pillow-python2 Not in release Not in release Not in release Not affected
Show less packages