Memory Allocation Vulnerability in Pillow Python Imaging Library
CVE-2026-54059
7.5HIGH
What is CVE-2026-54059?
A memory allocation vulnerability in the Pillow Python imaging library allows crafted PCF font data to bypass decompression checks. This can result in excessive memory usage when glyph dimensions from the PCF METRICS section are read directly by the imaging library’s method (_load_bitmaps()). The issue has been addressed in version 12.3.0, making it critical for users to update to prevent potential denial of service caused by this flaw.
Affected Version(s)
Pillow < 12.3.0
