CVE-2026-59199 | python-pillow Pillow up to 12.2.x APIs Image.paste/Image.crop/Image.alpha_composite Coordinate out-of-bounds write

SecurityVulns

A vulnerability described as critical has been identified in python-pillow Pillow up to 12.2.x. This vulnerability affects the function Image.paste/Image.crop/Image.alpha_composite of the component APIs. The manipulation of the argument Coordinate results in out-of-bounds write.

This vulnerability was named CVE-2026-59199. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More