JustAppSec
MEDIUM SeverityCVSS 4.05.1CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CVE-2026-42308

Last updated May 09, 2026 · Published May 09, 2026

← Back to list

Description

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

Affected products

1 listed
  • python-pillow:Pillow

Mappings

CWE

CWE-190

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.