CNNVD-202602-1823 Information

CNNVD ID

CNNVD-202602-1823

CVE-2026-25990

  • CNNVD Published: 2026-02-11

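Description (translated from Chinese)

Pillow is an open-source, Python-based image processing library from Pillow. Pillow versions from 10.3.0 up to, but not including, 12.1.1 contain a buffer error vulnerability, which stems from a possible out-of-bounds write when loading a specially crafted PSD image.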

Description (English)

Pillow is an image-processing library based on Python. Pillow versions from 10.3.0 up to, but not including, 12.1.1 contain a buffer error vulnerability: loading a specially crafted PSD image can trigger an out-of-bounds write.

Hazard Level

Medium

Vulnerability Type

Buffer error

Affected Vendor

Pillow

Published

2026-02-11

Last Modified

2026-02-24

References

  • https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa
  • https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
  • https://access.redhat.com/security/cve/cve-2026-25990

Patch

https://github.com/python-pillow/Pillow/releases
