CVE-2026-54059
ADVISORY - debianSummary
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.
- pillow [trixie] - pillow (Minor issue) [bookworm] - pillow (Minor issue) [bullseye] - pillow (Minor issue) https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x Fixed by: https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d (12.3.0)
EPSS Score: 0.00354 (0.275)
Common Weakness Enumeration (CWE)
ADVISORY - redhat
Improper Handling of Highly Compressed Data (Data Amplification)
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in