CVE-2026-42308 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
python	pillow	𝑥 < 12.2.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pillow

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	postponed
bullseye (security)	vulnerable
forky	12.2.0-1 fixed
sid	12.2.0-1 fixed
trixie	vulnerable
trixie (security)	11.1.0-5+deb13u3 fixed

openSUSE / SLES Releases

openSUSE Product

Release

python311-Pillow

suse enterprise desktop 15 SP7	9.5.0-150400.5.20.1 fixed
suse enterprise sap 15 SP4	9.5.0-150400.5.20.1 fixed
suse enterprise sap 15 SP5	9.5.0-150400.5.20.1 fixed
suse enterprise sap 15 SP6	9.5.0-150400.5.20.1 fixed
suse enterprise sap 15 SP7	9.5.0-150400.5.20.1 fixed
suse enterprise server 15 SP4	9.5.0-150400.5.20.1 fixed
suse enterprise server 15 SP5	9.5.0-150400.5.20.1 fixed
suse enterprise server 15 SP6	9.5.0-150400.5.20.1 fixed
suse enterprise server 15 SP7	9.5.0-150400.5.20.1 fixed

python311-Pillow-tk

suse enterprise desktop 15 SP7	9.5.0-150400.5.20.1 fixed
suse enterprise sap 15 SP4	9.5.0-150400.5.20.1 fixed
suse enterprise sap 15 SP5	9.5.0-150400.5.20.1 fixed
suse enterprise sap 15 SP6	9.5.0-150400.5.20.1 fixed
suse enterprise sap 15 SP7	9.5.0-150400.5.20.1 fixed
suse enterprise server 15 SP4	9.5.0-150400.5.20.1 fixed
suse enterprise server 15 SP5	9.5.0-150400.5.20.1 fixed
suse enterprise server 15 SP6	9.5.0-150400.5.20.1 fixed
suse enterprise server 15 SP7	9.5.0-150400.5.20.1 fixed

Amazon Linux Releases

Amazon Package

Release

python-pillow

Amazon Linux 2

0:2.0.0-23.gitd1c6db8.amzn2.0.18

fixed

python-pillow-debuginfo

Amazon Linux 2	0:2.0.0-23.gitd1c6db8.amzn2.0.18 fixed
Amazon Linux 2023	0:9.4.0-2.amzn2023.0.8 fixed

python-pillow-debugsource

Amazon Linux 2023

0:9.4.0-2.amzn2023.0.8

fixed

python-pillow-devel

Amazon Linux 2

0:2.0.0-23.gitd1c6db8.amzn2.0.18

fixed

python-pillow-doc

Amazon Linux 2

0:2.0.0-23.gitd1c6db8.amzn2.0.18

fixed

python-pillow-sane

Amazon Linux 2

0:2.0.0-23.gitd1c6db8.amzn2.0.18

fixed

python-pillow-tk

Amazon Linux 2

0:2.0.0-23.gitd1c6db8.amzn2.0.18

fixed

python3-pillow

Amazon Linux 2023

0:9.4.0-2.amzn2023.0.8

fixed

python3-pillow-debuginfo

Amazon Linux 2023

0:9.4.0-2.amzn2023.0.8

fixed

python3-pillow-devel

Amazon Linux 2023

0:9.4.0-2.amzn2023.0.8

fixed

python3-pillow-tk

Amazon Linux 2023

0:9.4.0-2.amzn2023.0.8

fixed

python3-pillow-tk-debuginfo

Amazon Linux 2023

0:9.4.0-2.amzn2023.0.8

fixed

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j