Python Imaging Library Vulnerability in Pillow Affects GD Image Files
CVE-2026-55380
7.5HIGH
What is CVE-2026-55380?
The Pillow imaging library, widely used for handling image processing in Python applications, contains a vulnerability that allows a crafted .gd file to trigger excessive memory allocation when loaded. This issue arises in the GdImageFile._open() function, where image dimensions read from the GD 2.x header are stored without performing a proper decompression bomb check. This oversight can be exploited to impact system performance and stability. The issue is resolved in version 12.3.0, making it crucial for users to upgrade to this version to mitigate the risk.
Affected Version(s)
Pillow < 12.3.0
