CVE-2026-42308

Published: Mag 09, 2026 Last Modified: Mag 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,1

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

190

Integer Overflow or Wraparound

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism Alter Execution Logic Dos: Resource Consumption (Cpu)

Applicable Platforms

Languages: C, Not Language-Specific

Likelihood of Exploit: Medium

View CWE Details

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

https://github.com/python-pillow/Pillow/security/advisories…

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j

CVE-2026-42308

Description

Integer Overflow or Wraparound

Common Consequences

Applicable Platforms

Iscriviti alla newsletter