Out-of-Bounds Write Vulnerability in Pillow Imaging Library by Python
CVE-2026-59199
7.5HIGH
What is CVE-2026-59199?
The Pillow imaging library, prior to version 12.3.0, is susceptible to an out-of-bounds write vulnerability that can be triggered via public image coordinate APIs. This issue arises when coordinates near the signed 32-bit integer limits are used in functions like Image.paste(), Image.crop(), or Image.alpha_composite(), potentially leading to serious memory corruption. Users are advised to upgrade to version 12.3.0 to mitigate this risk.
Affected Version(s)
Pillow < 12.3.0
