{"id":"PYSEC-2026-2249","details":"Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.","aliases":["BIT-pillow-2026-25990","CVE-2026-25990","GHSA-cfh3-3jmp-rvhc"],"modified":"2026-07-13T07:26:49.514806069Z","published":"2026-02-11T21:16:20.670Z","references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2026-25990"},{"type":"WEB","url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25990.json"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:14873"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:14874"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:28385"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:4128"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:4942"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:5168"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:5665"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:6277"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:6278"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:6308"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:6309"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:6497"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:6567"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"type":"ADVISORY","url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439170"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2026/02/12/1"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"}],"affected":[{"package":{"name":"pillow","ecosystem":"PyPI","purl":"pkg:pypi/pillow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10.3.0"},{"fixed":"12.1.1"}]}],"versions":["10.3.0","10.4.0","11.0.0","11.1.0","11.2.1","11.3.0","12.0.0","12.1.0"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2026-2249.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}