PyPI: pillow
CVE-2026-42311
Safety vulnerability ID: SFTY-20260504-05902
Safety legacy ID: pyup.io-95896
Affected versions of the pillow package are vulnerable to an out-of-bounds write caused by an integer overflow in the PSD tile extent bounds checks, which lets attacker-controlled tile dimensions bypass validation during PSD image decoding and encoding. The bounds checks added in Pillow 12.1.1 to address CVE-2026-25990 use narrow integer types that can wrap around, so a PSD image with carefully chosen tile dimensions can produce values that wrap, pass validation, and still exceed the underlying buffer in src/decode.c and src/encode.c. A remote attacker who supplies a malicious PSD file can trigger memory corruption, potentially resulting in a crash or arbitrary code execution.
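The wraparound the advisory describes, as an added illustration that is not Pillow's code from src/decode.c or src/encode.c: `image_t`, `tile_t`, `parse_tile` and both check functions are hypothetical stand-ins, and the 16-byte record layout is constructed for the example rather than taken from the PSD file format. The narrow check computes `x0 + w` in 32 bits and accepts a tile whose sum wraps negative; the hardened check compares the tile width against the remaining room instead, which cannot overflow once the origin has been validated.

```c
/* Illustration of the bug class in the advisory above: a tile-extent
 * bounds check done in a 32-bit type that a crafted file can wrap.
 * Added example, NOT Pillow's code; image_t, tile_t and every function
 * here are hypothetical stand-ins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { int32_t width, height; } image_t;   /* buffer geometry */
typedef struct { int32_t x0, y0, w, h; } tile_t;     /* file-supplied tile */

/* Big-endian 32-bit read for the constructed record below. */
static int32_t be32(const uint8_t *p)
{
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8)  |  (uint32_t)p[3]);
}

/* Parse a constructed 16-byte record: x0, y0, w, h as big-endian int32.
 * (Stand-in layout for the example, not the PSD file format.) */
bool parse_tile(const uint8_t *buf, size_t len, tile_t *out)
{
    if (len < 16)
        return false;
    out->x0 = be32(buf);
    out->y0 = be32(buf + 4);
    out->w  = be32(buf + 8);
    out->h  = be32(buf + 12);
    return true;
}

/* VULNERABLE: x0 + w is computed in 32 bits. A huge w wraps the sum
 * negative, which compares <= width, so the tile "passes". Signed
 * overflow is undefined in C; the uint32_t round-trip reproduces the
 * wraparound real builds exhibit so the demo is deterministic. */
bool tile_in_bounds_narrow(const image_t *img, const tile_t *t)
{
    int32_t x1 = (int32_t)((uint32_t)t->x0 + (uint32_t)t->w);
    int32_t y1 = (int32_t)((uint32_t)t->y0 + (uint32_t)t->h);
    return t->x0 >= 0 && t->y0 >= 0 && x1 <= img->width && y1 <= img->height;
}

/* FIXED: reject negative fields, then compare against the remaining room
 * (width - x0), which cannot overflow once 0 <= x0 <= width holds. */
bool tile_in_bounds_safe(const image_t *img, const tile_t *t)
{
    if (t->x0 < 0 || t->y0 < 0 || t->w < 0 || t->h < 0)
        return false;
    if (t->x0 > img->width || t->y0 > img->height)
        return false;
    return t->w <= img->width - t->x0 && t->h <= img->height - t->y0;
}

/* True end column of the tile, computed in 64 bits, to show how far past
 * the buffer a wrapped tile really reaches. */
int64_t tile_end_x(const tile_t *t)
{
    return (int64_t)t->x0 + (int64_t)t->w;
}

/* Constructed malicious record: x0 = 16, y0 = 0, w = INT32_MAX - 8, h = 1.
 * 16 + (INT32_MAX - 8) exceeds INT32_MAX and wraps negative in 32 bits. */
static const uint8_t evil_rec[16] = {
    0x00, 0x00, 0x00, 0x10,   /* x0 = 16 */
    0x00, 0x00, 0x00, 0x00,   /* y0 = 0 */
    0x7f, 0xff, 0xff, 0xf7,   /* w  = 0x7ffffff7 = INT32_MAX - 8 */
    0x00, 0x00, 0x00, 0x01,   /* h  = 1 */
};

int main(void)
{
    const image_t img = { 256, 256 };
    tile_t t;
    if (!parse_tile(evil_rec, sizeof evil_rec, &t))
        return 1;
    printf("narrow check accepts: %d\n", tile_in_bounds_narrow(&img, &t));
    printf("safe   check accepts: %d\n", tile_in_bounds_safe(&img, &t));
    printf("real end column: %lld (buffer width %d)\n",
           (long long)tile_end_x(&t), img.width);
    return 0;
}
```

Compile with `cc -std=c99 demo.c && ./a.out`: the narrow check prints 1 for the malicious record while the safe check prints 0, and the 64-bit end column shows the tile reaching about 2 billion pixels past a 256-wide buffer. The same pattern applies to any `offset + length <= size` check: either widen the arithmetic to a type that cannot overflow or rewrite it as `length <= size - offset` after validating `offset <= size`.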
Overview
Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
How to Fix
Upgrade pillow to 12.2.0 or later, the release containing the fix (PR #9520 and commit 58f9a1d, both listed under References).
Mitigation and Workarounds
Until the upgrade is deployed, do not decode PSD files from untrusted sources. As a general precaution not stated in the advisory itself, an application that never needs PSD input can pass the formats argument of Pillow's Image.open() to restrict which format plugins are tried, so a PSD file is rejected before the PSD decoder runs.
References
- https://getsafety.com/vulnerabilities/SFTY-20260504-05902/CVE-2026-42311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42311
- https://data.safetycli.com/changelogs/pillow/
- https://github.com/advisories/GHSA-pwv6-vv43-88gr
- https://pypi.org/project/pillow
- https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
- https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr
- https://github.com/python-pillow/Pillow/pull/9520
- https://nvd.nist.gov/vuln/detail/CVE-2026-42311
- https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea
- https://github.com/python-pillow/Pillow/releases/tag/12.2.0
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
