CVE-2026-42309 | Pillow up to 12.1.x heap-based overflow (GHSA-5xmw-vc9v-4wf2)
A vulnerability was found in Pillow up to 12.1.x. It has been classified as critical. The affected element is an unknown function. The manipulation leads to heap-based buffer overflow.
This vulnerability is listed as CVE-2026-42309. The attack must be carried out locally. There is no available exploit.
Upgrading the affected component is recommended.