Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Description

Affected Products

Vendor	Product	Versions
python	pillow	< 12.1.1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
red hat	ansible automation	cert_advisory	90%

References

https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa(Patch)
https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc(Vendor Advisory)
http://www.openwall.com/lists/oss-security/2026/02/12/1(Mailing List, Patch, Third Party Advisory)

Related News (1 articles)

Tier B

BSI Advisories5d ago

[NEU] [hoch] Red Hat Ansible Automation Platform: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

12.1.1

CWECWE-787

PublishedFeb 11, 2026

Last enriched4d ago

Trending Score14

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Description

Affected Products

Also Affects

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline