A vulnerability was found in Pillow up to 12.2.x. It has been rated as problematic. This impacts the function GdImageFile._open of the file PIL/GdImageFile.py of the component GD Image File Parser. This manipulation causes heap-based buffer overflow. This vulnerability is registered as CVE-2026-55380. Remote exploitation of the attack is possible.
| Vendor | Product | Versions |
|---|---|---|
| python | pillow | < 12.3.0, 12.2.x |
Updated description with new technical details, changed affected versions to include 12.2.x, and updated severity to MEDIUM.
Initial creation