CVE-2026-42308

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.2.0

Description An integer overflow can occur when the library tracks the current position if a font advances for each glyph by an excessively large amount.

Recommendations Update to version 12.2.0.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BIT-PILLOW-2026-42308

CVE-2026-42308

ECHO-784C-565E-18BC

GHSA-WJX4-4JCJ-G98J

PYSEC-2026-165

Affected Products

Pillow

CVE-2026-42308

Weakness Enumeration

Related Identifiers

Affected Products

References · 18