← volver
CVE-2026-42308

Pillow: Integer overflow when processing fonts

CVSS 5.1 MEDIUMEPSS 0.1%CWE-190
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.1EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Productos afectados
python-pillow · Pillow

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/python-pillow/Pillow/releases/tag/12.2.0https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j