Denial of Service Vulnerability in Pillow Python Imaging Library
CVE-2026-42310

5.1MEDIUM

Key Information:

Vendor

Python-pillow

Status
Pillow
Vendor
CVE Published:
9 May 2026

What is CVE-2026-42310?

The Pillow Python imaging library, which is widely used for image processing, is susceptible to a Denial of Service (DoS) vulnerability. Attackers can exploit this flaw by submitting a specially crafted PDF file, causing the application to hang indefinitely and consume excessive CPU resources, leaving it unresponsive. This critical issue affects versions from 4.2.0 up to just before 12.2.0 but has been effectively resolved in version 12.2.0.

Affected Version(s)

Pillow >= 4.2.0, < 12.2.0

References

https://github.com/python-pillow/Pillow/security/advisori...
x_refsource_CONFIRM
https://github.com/python-pillow/Pillow/pull/9519
x_refsource_MISC
https://github.com/python-pillow/Pillow/commit/3bf614e4b8...
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.