All 8 CVE vulnerabilities found in Pillow, with AI-generated Chinese analysis, references, and POCs.
Vendor: n/a
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-42311 | Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow) CWE-190 | 7.8 (AI) | High (AI) | 2026-05-09 |
| CVE-2026-42310 | Pillow: PDF Parsing Trailer Infinite Loop (DoS) CWE-835 | 5.5 (AI) | Medium (AI) | 2026-05-09 |
| CVE-2026-42308 | Pillow: Integer overflow when processing fonts CWE-190 | 9.1 (AI) | Critical (AI) | 2026-05-09 |
| CVE-2026-42309 | Pillow: Heap buffer overflow with nested list coordinates CWE-122 | 9.8 (AI) | Critical (AI) | 2026-05-09 |
| CVE-2026-40192 | Pillow is vulnerable to a FITS GZIP decompression bomb CWE-770 | 6.5 | - | 2026-04-15 |
| CVE-2026-25990 | Pillow has an out-of-bounds write when loading PSD images CWE-787 | 8.8 | - | 2026-02-11 |
| CVE-2025-48379 | Pillow Vulnerable to Write Buffer Overflow on BCn encoding CWE-122 | 7.1 | High | 2025-07-01 |
| CVE-2021-23437 | Regular Expression Denial of Service (ReDoS) | 7.5 | High | 2021-09-03 |