QwikSec

Security Database

CVE

CWE

Training

CVE-2026-42308

Published: May 9, 2026

Modified: May 11, 2026

PUBLISHED

Description

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

Vendor	Product	Versions
python-pillow	Pillow	affected `< 12.2.0`

Weaknesses (CWE)

References

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j

x_refsource_CONFIRM

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.