{"id":"PYSEC-2026-2248","details":"pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of `_pillow_heif.c` allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds read. This can lead to information disclosure (server heap memory leaking into encoded images) or denial of service (process crash). No special configuration is required — this triggers under default settings. Version 1.3.0 fixes the issue.","aliases":["CVE-2026-28231","GHSA-5gjj-6r7v-ph3x","PYSEC-2026-2258"],"modified":"2026-07-13T07:26:30.359630077Z","published":"2026-02-27T20:21:40.697Z","references":[{"type":"ADVISORY","url":"https://github.com/bigcat88/pillow_heif/releases/tag/v1.3.0"},{"type":"FIX","url":"https://github.com/bigcat88/pillow_heif/commit/8305a15d3780c533b762578cbe987d27a2c59c7a"},{"type":"EVIDENCE","url":"https://github.com/bigcat88/pillow_heif/security/advisories/GHSA-5gjj-6r7v-ph3x"}],"affected":[{"package":{"name":"pi-heif","ecosystem":"PyPI","purl":"pkg:pypi/pi-heif"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0"}]}],"versions":["0.10.0","0.10.1","0.11.0","0.11.1","0.12.0","0.13.0","0.13.1","0.14.0","0.15.0","0.16.0","0.17.0","0.18.0","0.20.0","0.21.0","0.22.0","0.7.0","0.7.1","0.7.2","0.8.0","0.9.0","0.9.1","0.9.2","0.9.3","1.0.0","1.1.0","1.1.1","1.2.0","1.2.1"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pi-heif/PYSEC-2026-2248.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}