QwikSec

Security Database

CVE

CWE

Training

CVE-2026-42311

Published: May 9, 2026

Modified: May 12, 2026

PUBLISHED

Description

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.

Vendor	Product	Versions
python-pillow	Pillow	affected `>= 10.3.0, < 12.2.0`

Weaknesses (CWE)

References

https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr

x_refsource_CONFIRM

https://github.com/python-pillow/Pillow/pull/9520

x_refsource_MISC

https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea

x_refsource_MISC

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2026-42311 - Security Vulnerability | QwikSec