216.73.216.170

CVE-2026-42309

· Published 09/05/2026 06:16 · Modified 09/05/2026 06:16

Labels: CVE-2026-42309 2026-05-09CVE-2026-42309CWE-122[email protected]

Essential information

Published
09/05/2026 06:16
Modified
09/05/2026 06:16
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
pillow / pillow cpe:2.3:a:pillow:pillow:11.2.1-*:*:*:*:*:*:*
pillow / pillow cpe:2.3:a:pillow:pillow:<12.2.0:*:*:*:*:*:*:*

References