Heap Corruption Vulnerability in Python Imaging Library by Pillow
CVE-2026-59205
7.5HIGH
What is CVE-2026-59205?
In the Pillow Python imaging library, a vulnerability exists in the ImageCms.ImageCmsTransform.apply method prior to version 12.3.0. This flaw can cause controlled native heap corruption if users provide an output image whose color mode does not match the expected output mode dictated by the transformation. This can potentially lead to unexpected behavior and security risks. The issue is rectified in version 12.3.0, making it essential for users to update to mitigate these risks.
Affected Version(s)
Pillow < 12.3.0
