VDB

DEBIAN-CVE-2026-42308

DEBIAN-CVE-2026-42308 PUBLISHED CVSS 5.5 MEDIUM

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:11pillow8.1.2+dfsg, 8.1.2+dfsg, 8.1.2+dfsg
Debian:12pillow9.4.0-1.1, 10.0.0-1, 10.1.0-1
Debian:13pillow12.2.0-1, 12.1.1-2, 12.1.1-1
Debian:14pillow12.1.1-2, 12.1.1-1, 12.1.0-1

Timeline

  • May 9, 2026 CVE Published
  • May 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›