Bug 2468458 (CVE-2026-42309) - CVE-2026-42309 Pillow: Pillow: Denial of Service via specially crafted coordinate input
Summary: CVE-2026-42309 Pillow: Pillow: Denial of Service via specially crafted coordi...
Keywords:
Status: NEW
Alias: CVE-2026-42309
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-09 06:01 UTC by OSIDB Bzimport
Modified: 2026-05-12 17:23 UTC (History)
55 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-09 06:01:34 UTC
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0.


Note You need to log in before you can comment on or make changes to this bug.