Integer Overflow Vulnerability in Pillow Imaging Library by Python Software Foundation
CVE-2026-42308

5.1 MEDIUM

Key Information:

CVE Published: 9 May 2026

What is CVE-2026-42308?

Pillow, the imaging library used to process images in Python, is vulnerable to an integer overflow when it encounters excessively large font advances. The overflow occurs where the library tracks the current position while rendering glyphs, and it can result in unintended behavior or crashes. The flaw is fixed in version 12.2.0.

Affected Version(s)

Pillow < 12.2.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
