DEBIAN-CVE-2026-25990

DEBIAN-CVE-2026-25990 PUBLISHED CVSS 7.5 HIGH

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	pillow	0, 11.1.0-5, 12.0.0-1
Debian:13	pillow	0, 11.1.0-5, 0

Timeline

Feb 11, 2026 CVE Published
May 1, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-25990 advisory

Open in Interactive Console →