Skip to main content

Pillow CVE-2026-42308

| EUVDEUVD-2026-28900 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-05-04 https://github.com/python-pillow/Pillow GHSA-wjx4-4jcj-g98j
5.1
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Red Hat
6.2 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
May 04, 2026 - 21:02 vuln.today
Analysis Generated
May 04, 2026 - 21:02 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 347 pypi packages depend on pillow (170 direct, 183 indirect)

Ecosystem-wide dependent count for version 12.2.0.

DescriptionGitHub Advisory

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed.

AnalysisAI

Integer overflow in Pillow's font glyph processing allows remote code execution or denial of service when handling maliciously crafted fonts with extremely large glyph advance values. Pillow versions before 12.2.0 are affected. The vulnerability is triggered during font rendering operations where position tracking accumulates glyph advances without proper bounds checking, leading to wraparound arithmetic that can corrupt memory or crash the interpreter.

Technical ContextAI

Pillow is a Python Imaging Library that processes fonts and renders text. When rendering glyphs from a TrueType or OpenType font, the library tracks the current horizontal position by accumulating the advance width of each glyph. The vulnerability exists in this position-tracking logic: if a single glyph's advance value is extremely large (close to or exceeding the maximum value of a signed integer), adding it to the current position causes an integer overflow. On systems using 32-bit integers, this overflow wraps the position to a negative or small positive value, corrupting subsequent memory writes or reads during glyph rendering. The root cause is improper input validation and lack of bounds checking before arithmetic operations on font metrics (CWE-190: Integer Overflow or Wraparound).

RemediationAI

Upgrade Pillow to version 12.2.0 or later immediately. This is the vendor-released patch that resolves the integer overflow. Run 'pip install --upgrade pillow>=12.2.0' to update existing installations. For applications that cannot upgrade immediately, implement input validation to reject fonts with unusually large glyph advance values before passing them to Pillow's rendering functions. Additionally, restrict font file sources to trusted origins and disable automatic font processing for untrusted user inputs. If using Pillow in a containerized environment, rebuild container images with the patched version and redeploy. Monitor application logs for font processing errors or crashes that may indicate exploitation attempts.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected

Share

CVE-2026-42308 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy