CVE-2026-42308

Published May 9th, 2026

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

python-pillow/Pillow

Python Imaging Library (fork)

GitHub

13.6K