PT-2026-58092 · Pypi · Pillow
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-59205
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Pillow versions prior to 12.3.0
Description
The
ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption. This occurs when the caller provides an output image whose mode is inconsistent with the transform's declared output mode.Recommendations
Update to version 12.3.0.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pillow