TGA RLE Encoder Vulnerability in Pillow Python Imaging Library
CVE-2026-59198
6.5MEDIUM
What is CVE-2026-59198?
The Pillow library, widely used for image processing in Python applications, experiences a buffer overflow vulnerability stemming from its TGA RLE encoder. This vulnerability allows for the reading of bytes beyond the intended buffer when saving mode 1 images with TGA RLE compression. As a result, adjacent memory space can be compromised, leading to potential risks during the file writing process. The issue has been addressed and patched in version 12.3.0, emphasizing the importance of updating to secure versions to mitigate exploitation risks.
Affected Version(s)
Pillow >= 5.2.0, < 12.3.0
