VDB
DEBIAN-CVE-2026-42308
DEBIAN-CVE-2026-42308
PUBLISHED
CVSS 5.5 MEDIUM
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | pillow | 8.1.2+dfsg, 8.1.2+dfsg, 8.1.2+dfsg |
| Debian:12 | pillow | 9.4.0-1.1, 10.0.0-1, 10.1.0-1 |
| Debian:13 | pillow | 12.2.0-1, 12.1.1-2, 12.1.1-1 |
| Debian:14 | pillow | 12.1.1-2, 12.1.1-1, 12.1.0-1 |
Timeline
- May 9, 2026 CVE Published
- May 13, 2026 CVE Updated