CVE-2026-59198
EUVD-2026-4375214.07.2026, 16:17
Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| python | pillow | 5.2.0 ≤ 𝑥 < 12.3.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References