216.73.216.170

CVE-2026-42310

· Published 09/05/2026 06:16 · Modified 09/05/2026 06:16

Labels: CVE-2026-42310 2026-05-09CVE-2026-42310CWE-835[email protected]

Essential information

Published
09/05/2026 06:16
Modified
09/05/2026 06:16
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
python / pillow cpe:2.3:a:python:pillow:4.2.0-12.2.0:*:*:*:*:*:*:*

References