Search

Find a vulnerability

Search criteria

    Related vulnerabilities

    CVE-2026-59205 (GCVE-0-2026-59205)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:48 – Updated: 2026-07-14 17:31
    VLAI
    Title
    Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59205",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T17:30:37.376489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T17:31:36.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, Pillow\u0027s ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform\u0027s declared output mode. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:48:39.962Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9715",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9715"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-9hw9-ch79-4vh6",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59205",
        "datePublished": "2026-07-14T15:48:39.962Z",
        "dateReserved": "2026-07-02T21:05:02.924Z",
        "dateUpdated": "2026-07-14T17:31:36.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    PYSEC-2026-3453

    Vulnerability from pysec - Published: 2026-07-14 16:17 - Updated: 2026-07-15 18:13
    VLAI
    Details

    Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0.

    Impacted products
    Name purl
    pillow pkg:pypi/pillow

    {
      "affected": [
        {
          "ecosystem_specific": {},
          "package": {
            "ecosystem": "PyPI",
            "name": "pillow",
            "purl": "pkg:pypi/pillow"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "12.3.0"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "1.0",
            "1.1",
            "1.2",
            "1.3",
            "1.4",
            "1.5",
            "1.6",
            "1.7.0",
            "1.7.1",
            "1.7.2",
            "1.7.3",
            "1.7.4",
            "1.7.5",
            "1.7.6",
            "1.7.7",
            "1.7.8",
            "10.0.0",
            "10.0.1",
            "10.1.0",
            "10.2.0",
            "10.3.0",
            "10.4.0",
            "11.0.0",
            "11.1.0",
            "11.2.1",
            "11.3.0",
            "12.0.0",
            "12.1.0",
            "12.1.1",
            "12.2.0",
            "2.0.0",
            "2.1.0",
            "2.2.0",
            "2.2.1",
            "2.2.2",
            "2.3.0",
            "2.3.1",
            "2.3.2",
            "2.4.0",
            "2.5.0",
            "2.5.1",
            "2.5.2",
            "2.5.3",
            "2.6.0",
            "2.6.1",
            "2.6.2",
            "2.7.0",
            "2.8.0",
            "2.8.1",
            "2.8.2",
            "2.9.0",
            "3.0.0",
            "3.1.0",
            "3.1.0.rc1",
            "3.1.0rc1",
            "3.1.1",
            "3.1.2",
            "3.2.0",
            "3.3.0",
            "3.3.1",
            "3.3.2",
            "3.3.3",
            "3.4.0",
            "3.4.1",
            "3.4.2",
            "4.0.0",
            "4.1.0",
            "4.1.1",
            "4.2.0",
            "4.2.1",
            "4.3.0",
            "5.0.0",
            "5.1.0",
            "5.2.0",
            "5.3.0",
            "5.4.0",
            "5.4.0.dev0",
            "5.4.1",
            "6.0.0",
            "6.1.0",
            "6.2.0",
            "6.2.1",
            "6.2.2",
            "7.0.0",
            "7.1.0",
            "7.1.1",
            "7.1.2",
            "7.2.0",
            "8.0.0",
            "8.0.1",
            "8.1.0",
            "8.1.1",
            "8.1.2",
            "8.2.0",
            "8.3.0",
            "8.3.1",
            "8.3.2",
            "8.4.0",
            "9.0.0",
            "9.0.1",
            "9.1.0",
            "9.1.1",
            "9.2.0",
            "9.3.0",
            "9.4.0",
            "9.5.0"
          ]
        }
      ],
      "aliases": [
        "CVE-2026-59205",
        "GHSA-9hw9-ch79-4vh6"
      ],
      "details": "Pillow is a Python imaging library. Prior to 12.3.0, Pillow\u0027s ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform\u0027s declared output mode. This issue is fixed in version 12.3.0.",
      "id": "PYSEC-2026-3453",
      "modified": "2026-07-15T18:13:37.707825Z",
      "published": "2026-07-14T16:17:02.370Z",
      "references": [
        {
          "type": "ADVISORY",
          "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
        },
        {
          "type": "FIX",
          "url": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721"
        },
        {
          "type": "FIX",
          "url": "https://github.com/python-pillow/Pillow/pull/9715"
        },
        {
          "type": "EVIDENCE",
          "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }