CVE-2026-25990

Published: Feb 11, 2026

Modified: Apr 30, 2026

PUBLISHED

Description

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Vendor	Product	Versions
python-pillow	Pillow	affected `>= 10.3.0, < 12.1.1`

Weaknesses (CWE)

CWE-787

References

https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc

x_refsource_CONFIRM

https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-25990

Description

Affected Products

Weaknesses (CWE)

References