CVE-2026-25990

High CVSS: 8.9

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Vendor

Python

Product

Pillow

CWE

CWE-787

Yayın Tarihi

2026-02-11 21:16:20

Güncelleme

2026-02-13 21:32:55

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-787 Pillow HIGH Python 2026

Referanslar

https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc http://www.openwall.com/lists/oss-security/2026/02/12/1

Benzer Kayıtlar

Medium

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a…

High

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is comp…

High

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action suppo…

Medium

CVE-2025-12781

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the…

High

CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HT…

High

CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API…