Intel

AIKIDO-2026-457677

pillow is vulnerable to Memory Allocation with Excessive Size Value

Memory Allocation with Excessive Size ValueCVE-2026-54059 Published 2 days ago

75

High Risk

This Affects:

PYTHONpillow
0.0.1 - 12.2.0
Fixed in 12.3.0
Are you affected? Scan for Free

TL;DR

Affected versions of Pillow are vulnerable to a denial-of-service (DoS) issue because the PCF font loader (PIL.PcfFontFile) does not perform decompression bomb checks on attacker-controlled glyph dimensions. A specially crafted PCF font can trigger excessive memory allocation, potentially exhausting system resources and crashing applications that load untrusted PCF fonts.

Who does this affect?

You're affected if you are using a version which is within vulnerability ranges.

Background info

pillow is vulnerable to Memory Allocation with Excessive Size Value in versions 0.0.1 - 12.2.0.

How to fix this

Upgrade pillow library to patch version.