Search
Find a vulnerability
Search criteria
Related vulnerabilities
CVE-2026-59205 (GCVE-0-2026-59205)
Vulnerability from cvelistv5 – Published: 2026-07-14 15:48 – Updated: 2026-07-14 17:31
VLAI
EPSS
VEX
Title
Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch
Summary
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/python-pillow/Pillow/security/… | x_refsource_CONFIRM |
| https://github.com/python-pillow/Pillow/pull/9715 | x_refsource_MISC |
| https://github.com/python-pillow/Pillow/commit/a9… | x_refsource_MISC |
| https://github.com/python-pillow/Pillow/releases/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-pillow | Pillow |
Affected:
< 12.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59205",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T17:30:37.376489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:31:36.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pillow",
"vendor": "python-pillow",
"versions": [
{
"status": "affected",
"version": "\u003c 12.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pillow is a Python imaging library. Prior to 12.3.0, Pillow\u0027s ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform\u0027s declared output mode. This issue is fixed in version 12.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:48:39.962Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
},
{
"name": "https://github.com/python-pillow/Pillow/pull/9715",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-pillow/Pillow/pull/9715"
},
{
"name": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721"
},
{
"name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
}
],
"source": {
"advisory": "GHSA-9hw9-ch79-4vh6",
"discovery": "UNKNOWN"
},
"title": "Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59205",
"datePublished": "2026-07-14T15:48:39.962Z",
"dateReserved": "2026-07-02T21:05:02.924Z",
"dateUpdated": "2026-07-14T17:31:36.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
PYSEC-2026-3453
Vulnerability from pysec - Published: 2026-07-14 16:17 - Updated: 2026-07-15 18:13
VLAI
Details
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0.
Severity
7.5 (High)
Impacted products
| Name | purl | pillow | pkg:pypi/pillow |
|---|
Aliases
{
"affected": [
{
"ecosystem_specific": {},
"package": {
"ecosystem": "PyPI",
"name": "pillow",
"purl": "pkg:pypi/pillow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6",
"1.7.0",
"1.7.1",
"1.7.2",
"1.7.3",
"1.7.4",
"1.7.5",
"1.7.6",
"1.7.7",
"1.7.8",
"10.0.0",
"10.0.1",
"10.1.0",
"10.2.0",
"10.3.0",
"10.4.0",
"11.0.0",
"11.1.0",
"11.2.1",
"11.3.0",
"12.0.0",
"12.1.0",
"12.1.1",
"12.2.0",
"2.0.0",
"2.1.0",
"2.2.0",
"2.2.1",
"2.2.2",
"2.3.0",
"2.3.1",
"2.3.2",
"2.4.0",
"2.5.0",
"2.5.1",
"2.5.2",
"2.5.3",
"2.6.0",
"2.6.1",
"2.6.2",
"2.7.0",
"2.8.0",
"2.8.1",
"2.8.2",
"2.9.0",
"3.0.0",
"3.1.0",
"3.1.0.rc1",
"3.1.0rc1",
"3.1.1",
"3.1.2",
"3.2.0",
"3.3.0",
"3.3.1",
"3.3.2",
"3.3.3",
"3.4.0",
"3.4.1",
"3.4.2",
"4.0.0",
"4.1.0",
"4.1.1",
"4.2.0",
"4.2.1",
"4.3.0",
"5.0.0",
"5.1.0",
"5.2.0",
"5.3.0",
"5.4.0",
"5.4.0.dev0",
"5.4.1",
"6.0.0",
"6.1.0",
"6.2.0",
"6.2.1",
"6.2.2",
"7.0.0",
"7.1.0",
"7.1.1",
"7.1.2",
"7.2.0",
"8.0.0",
"8.0.1",
"8.1.0",
"8.1.1",
"8.1.2",
"8.2.0",
"8.3.0",
"8.3.1",
"8.3.2",
"8.4.0",
"9.0.0",
"9.0.1",
"9.1.0",
"9.1.1",
"9.2.0",
"9.3.0",
"9.4.0",
"9.5.0"
]
}
],
"aliases": [
"CVE-2026-59205",
"GHSA-9hw9-ch79-4vh6"
],
"details": "Pillow is a Python imaging library. Prior to 12.3.0, Pillow\u0027s ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform\u0027s declared output mode. This issue is fixed in version 12.3.0.",
"id": "PYSEC-2026-3453",
"modified": "2026-07-15T18:13:37.707825Z",
"published": "2026-07-14T16:17:02.370Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
},
{
"type": "FIX",
"url": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721"
},
{
"type": "FIX",
"url": "https://github.com/python-pillow/Pillow/pull/9715"
},
{
"type": "EVIDENCE",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}