PyPI: pillow
CVE-2026-25990
Safety vulnerability ID: SFTY-20260211-29113
Safety legacy ID: pyup.io-86269
Overview
Pillow affected by out-of-bounds write when loading PSD images
Advisory
Affected versions of the Pillow package are vulnerable to an Out-of-bounds Write issue due to insufficient validation of tile extents when decoding PSD image data. When Image.open() loads a PSD and the decoder paths in src/decode.c and src/encode.c process tile offsets and sizes, negative xoff/yoff values (and related invalid extents) can bypass expected bounds checks and lead to writes outside the intended image buffer.
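The advisory describes the root cause as insufficient validation of tile extents: an edge check of the form "offset + size <= image size" is not enough on its own, because a negative offset can satisfy it while still placing the tile's first byte before the start of the buffer. The following Python is an added illustration of that class of check and is not Pillow's code or its actual fix; the TileExtent fields (xoff, yoff, xsize, ysize), the image dimensions and the sample tiles are constructed for the example.

```python
"""Tile-extent validation of the kind a decoder must perform before writing
pixels into an image buffer.  Added illustration only; not Pillow's code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TileExtent:
    # Hypothetical tile descriptor: offset of the tile inside the image and
    # its width/height in pixels (names mirror the advisory's xoff/yoff).
    xoff: int
    yoff: int
    xsize: int
    ysize: int


def naive_edge_check(tile: TileExtent, width: int, height: int) -> bool:
    """Edge-only check: verifies the right/bottom edge but never the sign.
    A negative xoff or yoff passes as long as the far edge stays inside."""
    return tile.xoff + tile.xsize <= width and tile.yoff + tile.ysize <= height


def tile_is_within_image(tile: TileExtent, width: int, height: int) -> bool:
    """Hardened check: reject negative offsets and sizes first, so that the
    edge arithmetic below cannot be satisfied by a tile that starts before
    the buffer.  Then confirm the far edge does not exceed the image."""
    if tile.xoff < 0 or tile.yoff < 0 or tile.xsize < 0 or tile.ysize < 0:
        return False
    if tile.xsize == 0 or tile.ysize == 0:
        # Empty tile: nothing would be written, accept it.
        return True
    return tile.xoff + tile.xsize <= width and tile.yoff + tile.ysize <= height


def buffer_byte_range(tile: TileExtent, width: int, bytes_per_pixel: int) -> tuple[int, int]:
    """Return (start, end) byte positions the tile would touch in a row-major
    buffer of `width` pixels per row.  A negative start is an out-of-bounds
    write; only meaningful as a diagnostic after the sign check above."""
    start = (tile.yoff * width + tile.xoff) * bytes_per_pixel
    last_row = tile.yoff + tile.ysize - 1
    end = (last_row * width + tile.xoff + tile.xsize) * bytes_per_pixel
    return start, end


def check_tiles(tiles: list[TileExtent], width: int, height: int,
                bytes_per_pixel: int = 4) -> list[tuple[TileExtent, str]]:
    """Validate every tile of an image; return the rejected tiles with a reason.
    A decoder would refuse the whole file on the first rejection."""
    rejected: list[tuple[TileExtent, str]] = []
    for tile in tiles:
        if tile.xoff < 0 or tile.yoff < 0:
            start, _ = buffer_byte_range(tile, width, bytes_per_pixel)
            rejected.append((tile, f"negative offset (first write at byte {start})"))
        elif not tile_is_within_image(tile, width, height):
            rejected.append((tile, "tile extends past image bounds"))
    return rejected


if __name__ == "__main__":
    # Constructed sample: a 64x64 RGBA image with one good tile, one tile
    # with a negative x offset, and one that overruns the bottom-right corner.
    sample = [TileExtent(0, 0, 32, 32), TileExtent(-16, 0, 16, 8), TileExtent(60, 60, 8, 8)]
    print("edge-only check accepts negative offset:",
          naive_edge_check(sample[1], 64, 64))
    for tile, reason in check_tiles(sample, 64, 64):
        print("rejected", tile, "->", reason)
```

The order of the two checks is the point: the sign test must come before the edge arithmetic, and a decoder should reject the file on the first bad tile rather than skip it.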
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260211-29113/CVE-2026-25990
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25990
- https://github.com/advisories/GHSA-cfh3-3jmp-rvhc
- https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
- https://github.com/python-pillow/Pillow/pull/9427
- https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199
- https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html
- https://nvd.nist.gov/vuln/detail/CVE-2026-25990
- https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.