CVE-2026-55380
ADVISORY - debianSummary
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.
- pillow [trixie] - pillow (Minor issue) [bookworm] - pillow (Minor issue) [bullseye] - pillow (Minor issue) https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm Fixed by: https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675 (12.3.0)
EPSS Score: 0.00361 (0.282)
Common Weakness Enumeration (CWE)
ADVISORY - redhat
Improper Validation of Specified Index, Position, or Offset in Input
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in