Bug 2439170 (CVE-2026-25990)

Summary: CVE-2026-25990 pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: alinfoot, anpicker, anthomas, bbrownin, bdettelb, bparees, caswilli, cmyers, derez, dfreiber, dnakabaa, doconnor, drow, dschmidt, dtrifiro, ebourniv, ehelms, erezende, ggainey, hasun, jburrell, jfula, jkoehler, jmitchel, jowilson, juwatts, jwong, kaycoth, kshier, lcouzens, lgallett, lphiri, mattdavi, mhayden, mhulan, nmoumoul, nyancey, omaciel, ometelka, osousa, pbohmill, pcreech, ptisnovs, rbryant, rchan, sbunciak, sdoran, smallamp, smcdonal, stcannon, syedriko, teagle, tmalecek, ttakamiy, vkumar, weaton, xdharmai, yguenane
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2439190, 2439191, 2439193, 2439197, 2439192, 2439194, 2439195, 2439196, 2439198, 2439199
Bug Blocks:

Description OSIDB Bzimport 2026-02-11 21:06:02 UTC
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Comment 2 errata-xmlrpc 2026-03-31 16:03:41 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.6 for RHEL 9
  Red Hat Ansible Automation Platform 2.6 for RHEL 10

Via RHSA-2026:6277 https://access.redhat.com/errata/RHSA-2026:6277

Comment 3 errata-xmlrpc 2026-03-31 16:11:23 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2026:6278 https://access.redhat.com/errata/RHSA-2026:6278

Comment 4 errata-xmlrpc 2026-05-07 17:26:23 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.17 for RHEL 9

Via RHSA-2026:14873 https://access.redhat.com/errata/RHSA-2026:14873

Comment 5 errata-xmlrpc 2026-05-07 17:55:54 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.16 for RHEL 8
  Red Hat Satellite 6.16 for RHEL 9

Via RHSA-2026:14874 https://access.redhat.com/errata/RHSA-2026:14874