CVE-2026-25990

← CVEs

HIGH 7.5

Published

2026-02-11

Last Modified

2026-02-13

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Affected Applications in Environment 7

Python

11 devices

Python vWindows 11 (26.57288.0)

1 device

python v2.7.5-5ubuntu3

1 device

python v2.7.5-93.el7_9

1 device

python-apt v2.0.1ubuntu0.20.04.1

1 device

python-apt v0.9.3.5ubuntu3

1 device

python-ldap v0:2.4.15-2.el7

1 device

Affected Devices 15

Brians-Mac-mini.local Mac Kellys-MacBook-Pro-3.local Mac MacBook-Pro.local Mac a00017110-J7TV3C9HW5 Mac a00344487-F622TJW0NM Mac a02235045-MX74HJV2J3 Mac a02265864-LFW93MQ9P7 Mac a02388352-LQ22WMQLKF Mac a02424859-LHV909KCR7 Mac a02456553-G06QD7XKWW Mac a02513954-D2V97K4D2L Mac guru.cluster Linux mac.lan Mac web05 Linux webs.usu.edu Linux

References 3

https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa
https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
http://www.openwall.com/lists/oss-security/2026/02/12/1