VDB
KO
HIGH 7.5

PYSEC-2026-2249

Details

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pillow
Introduced in: 10.3.0 Fixed in: 12.1.1
Fix pip install --upgrade 'pillow>=12.1.1'

References