Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    140 vulnerabilities found for pillow by python

    CVE-2026-59205 (GCVE-0-2026-59205)

    Vulnerability from nvd – Published: 2026-07-14 15:48 – Updated: 2026-07-14 17:31
    VLAI
    Title
    Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59205",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T17:30:37.376489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T17:31:36.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, Pillow\u0027s ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform\u0027s declared output mode. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:48:39.962Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9715",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9715"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-9hw9-ch79-4vh6",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59205",
        "datePublished": "2026-07-14T15:48:39.962Z",
        "dateReserved": "2026-07-02T21:05:02.924Z",
        "dateUpdated": "2026-07-14T17:31:36.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59204 (GCVE-0-2026-59204)

    Vulnerability from nvd – Published: 2026-07-14 15:38 – Updated: 2026-07-14 15:38
    VLAI
    Title
    Pillow JPEG2000 tiled decode retains a growing scratch buffer and can be used for denial of service
    Summary
    Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled JPEG2000 file to force substantially higher transient memory usage and trigger out-of-memory failures during decoding. This issue is fixed in version 12.3.0.
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 8.2.0, < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 8.2.0, \u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled JPEG2000 file to force substantially higher transient memory usage and trigger out-of-memory failures during decoding. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:38:29.545Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-vjc4-5qp5-m44j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-vjc4-5qp5-m44j"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9704",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9704"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/13ada41172142f2fd9f0906f615a00ea623a11ca",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/13ada41172142f2fd9f0906f615a00ea623a11ca"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-vjc4-5qp5-m44j",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow JPEG2000 tiled decode retains a growing scratch buffer and can be used for denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59204",
        "datePublished": "2026-07-14T15:38:29.545Z",
        "dateReserved": "2026-07-02T21:05:02.923Z",
        "dateUpdated": "2026-07-14T15:38:29.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59203 (GCVE-0-2026-59203)

    Vulnerability from nvd – Published: 2026-07-14 15:43 – Updated: 2026-07-14 15:49
    VLAI
    Title
    Pillow EpsImagePlugin negative %%BeginBinary byte count causes infinite loop denial of service
    Summary
    Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek backwards to the same directive and parse it repeatedly in an infinite loop. This issue is fixed in version 12.3.0.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 12.0.0, < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 12.0.0, \u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow\u0027s EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek backwards to the same directive and parse it repeatedly in an infinite loop. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:49:07.973Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-pg7v-jwj7-p798",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-pg7v-jwj7-p798"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9708",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9708"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/03992618118b4a76b6163cd72ab5ecd684133b83",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/03992618118b4a76b6163cd72ab5ecd684133b83"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-pg7v-jwj7-p798",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow EpsImagePlugin negative %%BeginBinary byte count causes infinite loop denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59203",
        "datePublished": "2026-07-14T15:43:58.333Z",
        "dateReserved": "2026-07-02T21:05:02.923Z",
        "dateUpdated": "2026-07-14T15:49:07.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59199 (GCVE-0-2026-59199)

    Vulnerability from nvd – Published: 2026-07-14 15:42 – Updated: 2026-07-14 15:42
    VLAI
    Title
    Pillow: Heap out-of-bounds write `Image.paste()` / `Image.crop()` via signed coordinate overflow
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or Image.alpha_composite(). This issue is fixed in version 12.3.0.
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or Image.alpha_composite(). This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:42:15.071Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-6r8x-57c9-28j4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-6r8x-57c9-28j4"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9703",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9703"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/ceefc348eb3c3844c7f9796ef2cc3a7dd5fbba7b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/ceefc348eb3c3844c7f9796ef2cc3a7dd5fbba7b"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-6r8x-57c9-28j4",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: Heap out-of-bounds write `Image.paste()` / `Image.crop()` via signed coordinate overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59199",
        "datePublished": "2026-07-14T15:42:15.071Z",
        "dateReserved": "2026-07-02T19:53:48.831Z",
        "dateUpdated": "2026-07-14T15:42:15.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59198 (GCVE-0-2026-59198)

    Vulnerability from nvd – Published: 2026-07-14 16:07 – Updated: 2026-07-14 19:55
    VLAI
    Title
    Pillow TGA RLE encoder can serialize up to ~57 KB of adjacent heap data into generated images
    Summary
    Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 5.2.0, < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59198",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:44:23.310384Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:55:56.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-fj7v-r99m-22gq"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 5.2.0, \u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow\u0027s TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T16:07:56.562Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-fj7v-r99m-22gq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-fj7v-r99m-22gq"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9709",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9709"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/eada3cbd7fb9963ee90673fb7b5270124a0d5f4b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/eada3cbd7fb9963ee90673fb7b5270124a0d5f4b"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-fj7v-r99m-22gq",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow TGA RLE encoder can serialize up to ~57 KB of adjacent heap data into generated images"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59198",
        "datePublished": "2026-07-14T16:07:56.562Z",
        "dateReserved": "2026-07-02T19:53:48.831Z",
        "dateUpdated": "2026-07-14T19:55:56.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55798 (GCVE-0-2026-55798)

    Vulnerability from nvd – Published: 2026-07-06 18:44 – Updated: 2026-07-07 15:19
    VLAI
    Title
    Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(..., shell=True), allowing shell metacharacters in the file path to inject arbitrary cmd.exe commands. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55798",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T15:19:30.348707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T15:19:40.072Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(..., shell=True), allowing shell metacharacters in the file path to inject arbitrary cmd.exe commands. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:44:38.441Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/8404ea5fe5df40fc34aa1e51403dd6fce0778b8a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/8404ea5fe5df40fc34aa1e51403dd6fce0778b8a"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/88194166691b7b603529b8b036ab3ab9cedd2de4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/88194166691b7b603529b8b036ab3ab9cedd2de4"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/b0e06caa64c1405aa3da0bb1d2bd9a77ca22de7f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/b0e06caa64c1405aa3da0bb1d2bd9a77ca22de7f"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-4x4j-2g7c-83w6",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55798",
        "datePublished": "2026-07-06T18:44:38.441Z",
        "dateReserved": "2026-06-17T14:40:28.381Z",
        "dateUpdated": "2026-07-07T15:19:40.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55380 (GCVE-0-2026-55380)

    Vulnerability from nvd – Published: 2026-07-06 18:50 – Updated: 2026-07-06 19:23
    VLAI
    Title
    Pillow GdImageFile decompression bomb protection bypass
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55380",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:23:03.405538Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:23:30.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:51:08.092Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-phj9-mv4w-65pm",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow GdImageFile decompression bomb protection bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55380",
        "datePublished": "2026-07-06T18:50:14.789Z",
        "dateReserved": "2026-06-16T18:57:40.182Z",
        "dateUpdated": "2026-07-06T19:23:30.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55379 (GCVE-0-2026-55379)

    Vulnerability from nvd – Published: 2026-07-06 18:52 – Updated: 2026-07-06 19:17
    VLAI
    Title
    Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow's documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55379",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:16:56.631649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:17:03.941Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow\u0027s documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:52:11.633Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-45hq-cxwh-f6vc",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` \u2014 bomb protection bypass via font loading"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55379",
        "datePublished": "2026-07-06T18:52:11.633Z",
        "dateReserved": "2026-06-16T18:57:40.181Z",
        "dateUpdated": "2026-07-06T19:17:03.941Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54060 (GCVE-0-2026-54060)

    Vulnerability from nvd – Published: 2026-07-06 18:49 – Updated: 2026-07-07 14:08
    VLAI
    Title
    Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54060",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T14:07:46.646415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T14:08:14.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new(\"1\", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:49:23.788Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-5x94-69rx-g8h2",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54060",
        "datePublished": "2026-07-06T18:49:23.788Z",
        "dateReserved": "2026-06-11T18:24:35.096Z",
        "dateUpdated": "2026-07-07T14:08:14.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54059 (GCVE-0-2026-54059)

    Vulnerability from nvd – Published: 2026-07-06 18:46 – Updated: 2026-07-07 16:57
    VLAI
    Title
    Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` — bomb protection bypass via PCF font loading
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54059",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T16:44:18.151665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T16:57:53.021Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:47:07.748Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-8v84-f9pq-wr9x",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` \u2014 bomb protection bypass via PCF font loading"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54059",
        "datePublished": "2026-07-06T18:46:09.433Z",
        "dateReserved": "2026-06-11T18:24:35.096Z",
        "dateUpdated": "2026-07-07T16:57:53.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42311 (GCVE-0-2026-42311)

    Vulnerability from nvd – Published: 2026-05-09 04:11 – Updated: 2026-05-12 02:24
    VLAI
    Title
    Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)
    Summary
    Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 10.3.0, < 12.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42311",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T02:24:20.356743Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T02:24:33.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 10.3.0, \u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T04:11:58.092Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9520",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9520"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-pwv6-vv43-88gr",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42311",
        "datePublished": "2026-05-09T04:11:58.092Z",
        "dateReserved": "2026-04-26T12:37:18.169Z",
        "dateUpdated": "2026-05-12T02:24:33.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42310 (GCVE-0-2026-42310)

    Vulnerability from nvd – Published: 2026-05-09 04:10 – Updated: 2026-05-12 18:31
    VLAI
    Title
    Pillow: PDF Parsing Trailer Infinite Loop (DoS)
    Summary
    Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 4.2.0, < 12.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:33:37.176930Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:31:10.271Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.2.0, \u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T04:10:48.395Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9519",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9519"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/3bf614e4b8615d0ce1d5039efaf6db447fe7c468",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/3bf614e4b8615d0ce1d5039efaf6db447fe7c468"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-r73j-pqj5-w3x7",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: PDF Parsing Trailer Infinite Loop (DoS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42310",
        "datePublished": "2026-05-09T04:10:48.395Z",
        "dateReserved": "2026-04-26T12:37:18.169Z",
        "dateUpdated": "2026-05-12T18:31:10.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42309 (GCVE-0-2026-42309)

    Vulnerability from nvd – Published: 2026-05-09 04:08 – Updated: 2026-05-11 14:48
    VLAI
    Title
    Pillow: Heap buffer overflow with nested list coordinates
    Summary
    Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 11.2.1, < 12.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:48:09.669871Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:48:18.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 11.2.1, \u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T04:08:10.517Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-5xmw-vc9v-4wf2",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: Heap buffer overflow with nested list coordinates"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42309",
        "datePublished": "2026-05-09T04:08:10.517Z",
        "dateReserved": "2026-04-26T12:37:18.169Z",
        "dateUpdated": "2026-05-11T14:48:18.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42308 (GCVE-0-2026-42308)

    Vulnerability from nvd – Published: 2026-05-09 04:09 – Updated: 2026-05-11 15:03
    VLAI
    Title
    Pillow: Integer overflow when processing fonts
    Summary
    Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42308",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T15:02:54.644937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T15:03:00.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T04:09:01.631Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-wjx4-4jcj-g98j",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: Integer overflow when processing fonts"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42308",
        "datePublished": "2026-05-09T04:09:01.631Z",
        "dateReserved": "2026-04-26T12:37:18.169Z",
        "dateUpdated": "2026-05-11T15:03:00.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40192 (GCVE-0-2026-40192)

    Vulnerability from nvd – Published: 2026-04-15 22:53 – Updated: 2026-07-15 01:01
    VLAI
    Title
    Pillow is vulnerable to a FITS GZIP decompression bomb
    Summary
    Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    Assigner
    References
    URL Tags
    https://github.com/python-pillow/Pillow/security/… x_refsource_CONFIRM
    https://github.com/python-pillow/Pillow/pull/9521 x_refsource_MISC
    https://github.com/python-pillow/Pillow/commit/3c… x_refsource_MISC
    https://pillow.readthedocs.io/en/stable/releaseno… x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-40192 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2458856 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:24761 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24762 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16008 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16030 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16009 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16174 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17611 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17609 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24977 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19712 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37275 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22840 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22465 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23361 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 10.3.0, < 12.2.0
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:12.2.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:12.2.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:12.2.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:12.2.0-1.el8pc , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:12.2.0-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:12.2.0-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:12.2.0-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.19 for RHEL 9 Unaffected: 0:12.2.0-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778244559 , < * (rpm)
        cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778244531 , < * (rpm)
        cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778274666 , < * (rpm)
        cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778244546 , < * (rpm)
        cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: 1779761061 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: 1780102732 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778690639 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778677633 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778677632 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778677745 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778666122 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778666124 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1780388133 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677779 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677692 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778262893 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677701 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677741 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677767 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1779123334 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778263128 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778782933 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677718 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677716 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778263054 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677734 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677667 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677717 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677722 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1782472374 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1782471606 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10 Unaffected: 1779822261 , < * (rpm)
        cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12 Unaffected: 1779811412 , < * (rpm)
        cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14 Unaffected: 1779689392 , < * (rpm)
        cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15 Unaffected: 1780891395 , < * (rpm)
        cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16 Unaffected: 1779204086 , < * (rpm)
        cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17 Unaffected: 1779922205 , < * (rpm)
        cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9 Unaffected: 1779811473 , < * (rpm)
        cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat Lightspeed Core     cpe:/a:redhat:lightspeed_core
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server     cpe:/a:redhat:ai_inference_server:3
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T13:37:11.864898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T13:37:19.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el8ap",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9ap",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9ap",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "python-pillow",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el8pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python-pillow",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.17::el9",
                  "cpe:/a:redhat:satellite_capsule:6.17::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python-pillow",
                "product": "Red Hat Satellite 6.17 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.18::el9",
                  "cpe:/a:redhat:satellite_capsule:6.18::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Satellite 6.18 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.19::el9",
                  "cpe:/a:redhat:satellite_capsule:6.19::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Satellite 6.19 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/model-opt-cuda-rhel9",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778244559",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-rocm-rhel9",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778244531",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-cuda-rhel9",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778274666",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-spyre-rhel9",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778244546",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "ansible-automation-platform-26/hub-rhel9",
                "product": "Red Hat Ansible Automation Platform 2.6",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779761061",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "ansible-automation-platform-26/lightspeed-chatbot-rhel9",
                "product": "Red Hat Ansible Automation Platform 2.6",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1780102732",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/disk-image-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778690639",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-aws-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677633",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-azure-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677632",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-azure-rocm-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677745",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778666122",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-gcp-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677632",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-rocm-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778666124",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-caikit-tgis-serving-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1780388133",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677779",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677692",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778262893",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677701",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677741",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677767",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-training-cuda128-torch29-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779123334",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-training-rocm64-torch29-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778263128",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778782933",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677718",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677716",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778263054",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677734",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677667",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677717",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677722",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1782472374",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-trustyai-nemo-guardrails-server-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1782471606",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779822261",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779811412",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779689392",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1780891395",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel9",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779204086",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.17::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel9",
                "product": "Red Hat Quay 3.17",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779922205",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779811473",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:lightspeed_core"
                ],
                "defaultStatus": "affected",
                "packageName": "lightspeed-core/rag-tool-rhel9",
                "product": "Lightspeed Core",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-lightspeed/lightspeed-ocp-rag-rhel9",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-lightspeed/lightspeed-service-api-rhel9",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-cpu-rhel9",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-neuron-rhel9",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-tpu-rhel9",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "packageName": "ansible-automation-platform-25/lightspeed-chatbot-rhel8",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "unaffected",
                "packageName": "python-pillow",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unknown",
                "packageName": "python-pillow",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "python-pillow",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-caikit-nlp-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-kserve-agent-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-kserve-controller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-kserve-router-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-kserve-storage-initializer-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-llama-stack-core-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-llm-d-inference-scheduler-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-mlflow-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-openvino-model-server-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-vllm-cuda-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-vllm-gaudi-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-vllm-rocm-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-15T22:53:56.147Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-409",
                    "description": "Improper Handling of Highly Compressed Data (Data Amplification)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T01:01:16.471Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-40192"
              },
              {
                "name": "RHBZ#2458856",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40192.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24761"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24762"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34366"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34368"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34365"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16008"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16030"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16174"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24866"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17611"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17609"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24977"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19712"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37275"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22840"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22629"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22465"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23361"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34366: Red Hat Satellite 6.17 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34368: Red Hat Satellite 6.18 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16008: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16030: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16009: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16174: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24866: Red Hat Ansible Automation Platform 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17611: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17609: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37275: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22840: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22629: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22465: Red Hat Quay 3.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23361: Red Hat Quay 3.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-16T00:00:49.590Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-15T22:53:56.147Z",
                "value": "Made public."
              }
            ],
            "title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 10.3.0, \u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T22:53:56.147Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9521",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9521"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
            },
            {
              "name": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
            }
          ],
          "source": {
            "advisory": "GHSA-whj4-6x5x-4v2j",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow is vulnerable to a FITS GZIP decompression bomb"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-40192",
        "datePublished": "2026-04-15T22:53:56.147Z",
        "dateReserved": "2026-04-09T20:59:17.620Z",
        "dateUpdated": "2026-07-15T01:01:16.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59198 (GCVE-0-2026-59198)

    Vulnerability from cvelistv5 – Published: 2026-07-14 16:07 – Updated: 2026-07-14 19:55
    VLAI
    Title
    Pillow TGA RLE encoder can serialize up to ~57 KB of adjacent heap data into generated images
    Summary
    Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 5.2.0, < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59198",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:44:23.310384Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:55:56.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-fj7v-r99m-22gq"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 5.2.0, \u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow\u0027s TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T16:07:56.562Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-fj7v-r99m-22gq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-fj7v-r99m-22gq"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9709",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9709"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/eada3cbd7fb9963ee90673fb7b5270124a0d5f4b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/eada3cbd7fb9963ee90673fb7b5270124a0d5f4b"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-fj7v-r99m-22gq",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow TGA RLE encoder can serialize up to ~57 KB of adjacent heap data into generated images"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59198",
        "datePublished": "2026-07-14T16:07:56.562Z",
        "dateReserved": "2026-07-02T19:53:48.831Z",
        "dateUpdated": "2026-07-14T19:55:56.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59205 (GCVE-0-2026-59205)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:48 – Updated: 2026-07-14 17:31
    VLAI
    Title
    Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59205",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T17:30:37.376489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T17:31:36.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, Pillow\u0027s ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform\u0027s declared output mode. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:48:39.962Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-9hw9-ch79-4vh6"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9715",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9715"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/a9ffc42bedf4fc0a7ef8d6486e7f9e81e3397721"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-9hw9-ch79-4vh6",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59205",
        "datePublished": "2026-07-14T15:48:39.962Z",
        "dateReserved": "2026-07-02T21:05:02.924Z",
        "dateUpdated": "2026-07-14T17:31:36.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59203 (GCVE-0-2026-59203)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:43 – Updated: 2026-07-14 15:49
    VLAI
    Title
    Pillow EpsImagePlugin negative %%BeginBinary byte count causes infinite loop denial of service
    Summary
    Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek backwards to the same directive and parse it repeatedly in an infinite loop. This issue is fixed in version 12.3.0.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 12.0.0, < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 12.0.0, \u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow\u0027s EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek backwards to the same directive and parse it repeatedly in an infinite loop. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:49:07.973Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-pg7v-jwj7-p798",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-pg7v-jwj7-p798"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9708",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9708"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/03992618118b4a76b6163cd72ab5ecd684133b83",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/03992618118b4a76b6163cd72ab5ecd684133b83"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-pg7v-jwj7-p798",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow EpsImagePlugin negative %%BeginBinary byte count causes infinite loop denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59203",
        "datePublished": "2026-07-14T15:43:58.333Z",
        "dateReserved": "2026-07-02T21:05:02.923Z",
        "dateUpdated": "2026-07-14T15:49:07.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59199 (GCVE-0-2026-59199)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:42 – Updated: 2026-07-14 15:42
    VLAI
    Title
    Pillow: Heap out-of-bounds write `Image.paste()` / `Image.crop()` via signed coordinate overflow
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or Image.alpha_composite(). This issue is fixed in version 12.3.0.
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or Image.alpha_composite(). This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:42:15.071Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-6r8x-57c9-28j4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-6r8x-57c9-28j4"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9703",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9703"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/ceefc348eb3c3844c7f9796ef2cc3a7dd5fbba7b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/ceefc348eb3c3844c7f9796ef2cc3a7dd5fbba7b"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-6r8x-57c9-28j4",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: Heap out-of-bounds write `Image.paste()` / `Image.crop()` via signed coordinate overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59199",
        "datePublished": "2026-07-14T15:42:15.071Z",
        "dateReserved": "2026-07-02T19:53:48.831Z",
        "dateUpdated": "2026-07-14T15:42:15.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59204 (GCVE-0-2026-59204)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:38 – Updated: 2026-07-14 15:38
    VLAI
    Title
    Pillow JPEG2000 tiled decode retains a growing scratch buffer and can be used for denial of service
    Summary
    Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled JPEG2000 file to force substantially higher transient memory usage and trigger out-of-memory failures during decoding. This issue is fixed in version 12.3.0.
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 8.2.0, < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 8.2.0, \u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled JPEG2000 file to force substantially higher transient memory usage and trigger out-of-memory failures during decoding. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:38:29.545Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-vjc4-5qp5-m44j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-vjc4-5qp5-m44j"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9704",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9704"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/13ada41172142f2fd9f0906f615a00ea623a11ca",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/13ada41172142f2fd9f0906f615a00ea623a11ca"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-vjc4-5qp5-m44j",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow JPEG2000 tiled decode retains a growing scratch buffer and can be used for denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59204",
        "datePublished": "2026-07-14T15:38:29.545Z",
        "dateReserved": "2026-07-02T21:05:02.923Z",
        "dateUpdated": "2026-07-14T15:38:29.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55379 (GCVE-0-2026-55379)

    Vulnerability from cvelistv5 – Published: 2026-07-06 18:52 – Updated: 2026-07-06 19:17
    VLAI
    Title
    Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow's documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55379",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:16:56.631649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:17:03.941Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow\u0027s documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:52:11.633Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-45hq-cxwh-f6vc",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` \u2014 bomb protection bypass via font loading"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55379",
        "datePublished": "2026-07-06T18:52:11.633Z",
        "dateReserved": "2026-06-16T18:57:40.181Z",
        "dateUpdated": "2026-07-06T19:17:03.941Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55380 (GCVE-0-2026-55380)

    Vulnerability from cvelistv5 – Published: 2026-07-06 18:50 – Updated: 2026-07-06 19:23
    VLAI
    Title
    Pillow GdImageFile decompression bomb protection bypass
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55380",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:23:03.405538Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:23:30.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:51:08.092Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-phj9-mv4w-65pm",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow GdImageFile decompression bomb protection bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55380",
        "datePublished": "2026-07-06T18:50:14.789Z",
        "dateReserved": "2026-06-16T18:57:40.182Z",
        "dateUpdated": "2026-07-06T19:23:30.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54060 (GCVE-0-2026-54060)

    Vulnerability from cvelistv5 – Published: 2026-07-06 18:49 – Updated: 2026-07-07 14:08
    VLAI
    Title
    Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54060",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T14:07:46.646415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T14:08:14.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new(\"1\", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:49:23.788Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-5x94-69rx-g8h2",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54060",
        "datePublished": "2026-07-06T18:49:23.788Z",
        "dateReserved": "2026-06-11T18:24:35.096Z",
        "dateUpdated": "2026-07-07T14:08:14.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54059 (GCVE-0-2026-54059)

    Vulnerability from cvelistv5 – Published: 2026-07-06 18:46 – Updated: 2026-07-07 16:57
    VLAI
    Title
    Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` — bomb protection bypass via PCF font loading
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54059",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T16:44:18.151665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T16:57:53.021Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:47:07.748Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-8v84-f9pq-wr9x",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: PcfFontFile._load_bitmaps()`: `Image.frombytes()` called without `_decompression_bomb_check()` \u2014 bomb protection bypass via PCF font loading"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54059",
        "datePublished": "2026-07-06T18:46:09.433Z",
        "dateReserved": "2026-06-11T18:24:35.096Z",
        "dateUpdated": "2026-07-07T16:57:53.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55798 (GCVE-0-2026-55798)

    Vulnerability from cvelistv5 – Published: 2026-07-06 18:44 – Updated: 2026-07-07 15:19
    VLAI
    Title
    Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path
    Summary
    Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(..., shell=True), allowing shell metacharacters in the file path to inject arbitrary cmd.exe commands. This issue is fixed in version 12.3.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55798",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T15:19:30.348707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T15:19:40.072Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(..., shell=True), allowing shell metacharacters in the file path to inject arbitrary cmd.exe commands. This issue is fixed in version 12.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T18:44:38.441Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/8404ea5fe5df40fc34aa1e51403dd6fce0778b8a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/8404ea5fe5df40fc34aa1e51403dd6fce0778b8a"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/88194166691b7b603529b8b036ab3ab9cedd2de4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/88194166691b7b603529b8b036ab3ab9cedd2de4"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/b0e06caa64c1405aa3da0bb1d2bd9a77ca22de7f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/b0e06caa64c1405aa3da0bb1d2bd9a77ca22de7f"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst"
            }
          ],
          "source": {
            "advisory": "GHSA-4x4j-2g7c-83w6",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55798",
        "datePublished": "2026-07-06T18:44:38.441Z",
        "dateReserved": "2026-06-17T14:40:28.381Z",
        "dateUpdated": "2026-07-07T15:19:40.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42311 (GCVE-0-2026-42311)

    Vulnerability from cvelistv5 – Published: 2026-05-09 04:11 – Updated: 2026-05-12 02:24
    VLAI
    Title
    Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)
    Summary
    Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 10.3.0, < 12.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42311",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T02:24:20.356743Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T02:24:33.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 10.3.0, \u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T04:11:58.092Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9520",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9520"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-pwv6-vv43-88gr",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42311",
        "datePublished": "2026-05-09T04:11:58.092Z",
        "dateReserved": "2026-04-26T12:37:18.169Z",
        "dateUpdated": "2026-05-12T02:24:33.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42310 (GCVE-0-2026-42310)

    Vulnerability from cvelistv5 – Published: 2026-05-09 04:10 – Updated: 2026-05-12 18:31
    VLAI
    Title
    Pillow: PDF Parsing Trailer Infinite Loop (DoS)
    Summary
    Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 4.2.0, < 12.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:33:37.176930Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:31:10.271Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.2.0, \u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T04:10:48.395Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9519",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9519"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/3bf614e4b8615d0ce1d5039efaf6db447fe7c468",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/3bf614e4b8615d0ce1d5039efaf6db447fe7c468"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-r73j-pqj5-w3x7",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: PDF Parsing Trailer Infinite Loop (DoS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42310",
        "datePublished": "2026-05-09T04:10:48.395Z",
        "dateReserved": "2026-04-26T12:37:18.169Z",
        "dateUpdated": "2026-05-12T18:31:10.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42308 (GCVE-0-2026-42308)

    Vulnerability from cvelistv5 – Published: 2026-05-09 04:09 – Updated: 2026-05-11 15:03
    VLAI
    Title
    Pillow: Integer overflow when processing fonts
    Summary
    Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: < 12.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42308",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T15:02:54.644937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T15:03:00.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T04:09:01.631Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-wjx4-4jcj-g98j",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: Integer overflow when processing fonts"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42308",
        "datePublished": "2026-05-09T04:09:01.631Z",
        "dateReserved": "2026-04-26T12:37:18.169Z",
        "dateUpdated": "2026-05-11T15:03:00.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42309 (GCVE-0-2026-42309)

    Vulnerability from cvelistv5 – Published: 2026-05-09 04:08 – Updated: 2026-05-11 14:48
    VLAI
    Title
    Pillow: Heap buffer overflow with nested list coordinates
    Summary
    Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 11.2.1, < 12.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:48:09.669871Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:48:18.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 11.2.1, \u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T04:08:10.517Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-5xmw-vc9v-4wf2",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow: Heap buffer overflow with nested list coordinates"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42309",
        "datePublished": "2026-05-09T04:08:10.517Z",
        "dateReserved": "2026-04-26T12:37:18.169Z",
        "dateUpdated": "2026-05-11T14:48:18.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40192 (GCVE-0-2026-40192)

    Vulnerability from cvelistv5 – Published: 2026-04-15 22:53 – Updated: 2026-07-15 01:01
    VLAI
    Title
    Pillow is vulnerable to a FITS GZIP decompression bomb
    Summary
    Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    Assigner
    References
    URL Tags
    https://github.com/python-pillow/Pillow/security/… x_refsource_CONFIRM
    https://github.com/python-pillow/Pillow/pull/9521 x_refsource_MISC
    https://github.com/python-pillow/Pillow/commit/3c… x_refsource_MISC
    https://pillow.readthedocs.io/en/stable/releaseno… x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-40192 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2458856 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:24761 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24762 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16008 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16030 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16009 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16174 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17611 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17609 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24977 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19712 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37275 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22840 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21017 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:24853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19375 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:22465 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23361 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    python-pillow Pillow Affected: >= 10.3.0, < 12.2.0
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:12.2.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:12.2.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:12.2.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:12.2.0-1.el8pc , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:12.2.0-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:12.2.0-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:12.2.0-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.19 for RHEL 9 Unaffected: 0:12.2.0-1.el9pc , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778244559 , < * (rpm)
        cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778244531 , < * (rpm)
        cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778274666 , < * (rpm)
        cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3 Unaffected: 1778244546 , < * (rpm)
        cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: 1779761061 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: 1780102732 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778690639 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778677633 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778677632 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778677745 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778666122 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.3 Unaffected: 1778666124 , < * (rpm)
        cpe:/a:redhat:enterprise_linux_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1780388133 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677779 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677692 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778262893 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677701 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677741 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677767 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1779123334 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778263128 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778782933 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677718 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677716 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778263054 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677734 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677667 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677717 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1778677722 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1782472374 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1782471606 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.10 Unaffected: 1779822261 , < * (rpm)
        cpe:/a:redhat:quay:3.10::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.12 Unaffected: 1779811412 , < * (rpm)
        cpe:/a:redhat:quay:3.12::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.14 Unaffected: 1779689392 , < * (rpm)
        cpe:/a:redhat:quay:3.14::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.15 Unaffected: 1780891395 , < * (rpm)
        cpe:/a:redhat:quay:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat Quay 3.16 Unaffected: 1779204086 , < * (rpm)
        cpe:/a:redhat:quay:3.16::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.17 Unaffected: 1779922205 , < * (rpm)
        cpe:/a:redhat:quay:3.17::el9
    Create a notification for this product.
    Red Hat Red Hat Quay 3.9 Unaffected: 1779811473 , < * (rpm)
        cpe:/a:redhat:quay:3.9::el8
    Create a notification for this product.
    Red Hat Lightspeed Core     cpe:/a:redhat:lightspeed_core
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server     cpe:/a:redhat:ai_inference_server:3
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T13:37:11.864898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T13:37:19.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el8ap",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.5::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9ap",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9ap",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "python-pillow",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el8pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python-pillow",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.17::el9",
                  "cpe:/a:redhat:satellite_capsule:6.17::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python-pillow",
                "product": "Red Hat Satellite 6.17 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.18::el9",
                  "cpe:/a:redhat:satellite_capsule:6.18::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Satellite 6.18 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6.19::el9",
                  "cpe:/a:redhat:satellite_capsule:6.19::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "python3.12-pillow",
                "product": "Red Hat Satellite 6.19 for RHEL 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:12.2.0-1.el9pc",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/model-opt-cuda-rhel9",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778244559",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-rocm-rhel9",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778244531",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-cuda-rhel9",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778274666",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-spyre-rhel9",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778244546",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "ansible-automation-platform-26/hub-rhel9",
                "product": "Red Hat Ansible Automation Platform 2.6",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779761061",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "ansible-automation-platform-26/lightspeed-chatbot-rhel9",
                "product": "Red Hat Ansible Automation Platform 2.6",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1780102732",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/disk-image-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778690639",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-aws-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677633",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-azure-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677632",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-azure-rocm-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677745",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778666122",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-gcp-cuda-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677632",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhelai3/bootc-rocm-rhel9",
                "product": "Red Hat Enterprise Linux AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778666124",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-caikit-tgis-serving-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1780388133",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677779",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677692",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778262893",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677701",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677741",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677767",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-training-cuda128-torch29-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779123334",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-training-rocm64-torch29-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778263128",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778782933",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677718",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677716",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778263054",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677734",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677667",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677717",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1778677722",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1782472374",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-trustyai-nemo-guardrails-server-rhel9",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1782471606",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779822261",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779811412",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779689392",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1780891395",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel9",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779204086",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.17::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel9",
                "product": "Red Hat Quay 3.17",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779922205",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "quay/quay-rhel8",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779811473",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:lightspeed_core"
                ],
                "defaultStatus": "affected",
                "packageName": "lightspeed-core/rag-tool-rhel9",
                "product": "Lightspeed Core",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-lightspeed/lightspeed-ocp-rag-rhel9",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-lightspeed/lightspeed-service-api-rhel9",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-cpu-rhel9",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-neuron-rhel9",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "packageName": "rhaiis/vllm-tpu-rhel9",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "packageName": "ansible-automation-platform-25/lightspeed-chatbot-rhel8",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "unaffected",
                "packageName": "python-pillow",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unknown",
                "packageName": "python-pillow",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "python-pillow",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-caikit-nlp-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-kserve-agent-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-kserve-controller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-kserve-router-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-kserve-storage-initializer-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-llama-stack-core-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-llm-d-inference-scheduler-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-mlflow-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-openvino-model-server-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-vllm-cuda-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-vllm-gaudi-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-vllm-rocm-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-15T22:53:56.147Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-409",
                    "description": "Improper Handling of Highly Compressed Data (Data Amplification)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T01:01:16.471Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-40192"
              },
              {
                "name": "RHBZ#2458856",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40192.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24761"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24762"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34366"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34368"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34365"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16008"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16030"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16174"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24866"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17611"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17609"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24977"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19712"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37275"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22840"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22629"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22465"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23361"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34366: Red Hat Satellite 6.17 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34368: Red Hat Satellite 6.18 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16008: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16030: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16009: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16174: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24866: Red Hat Ansible Automation Platform 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17611: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17609: Red Hat Enterprise Linux AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37275: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22840: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22629: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22465: Red Hat Quay 3.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23361: Red Hat Quay 3.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-16T00:00:49.590Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-15T22:53:56.147Z",
                "value": "Made public."
              }
            ],
            "title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pillow",
              "vendor": "python-pillow",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 10.3.0, \u003c 12.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T22:53:56.147Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/pull/9521",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/pull/9521"
            },
            {
              "name": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
            },
            {
              "name": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
            }
          ],
          "source": {
            "advisory": "GHSA-whj4-6x5x-4v2j",
            "discovery": "UNKNOWN"
          },
          "title": "Pillow is vulnerable to a FITS GZIP decompression bomb"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-40192",
        "datePublished": "2026-04-15T22:53:56.147Z",
        "dateReserved": "2026-04-09T20:59:17.620Z",
        "dateUpdated": "2026-07-15T01:01:16.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }