CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Published Feb 12, 2026

https://github.com/advisories/GHSA-cfh3-3jmp-rvhc

CVSS ScoreHigh

7.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Published Feb 12, 2026

https://github.com/advisories/GHSA-cfh3-3jmp-rvhc

CVSS ScoreHigh

7.5


npm	chaileys	1.0.0
pypi	iode	7.0.4
pypi	iode	7.0.5
pypi	pillow	10.3.0
pypi	pillow	10.4.0
pypi	pillow	11.0.0
pypi	pillow	11.1.0
pypi	pillow	11.2.0
pypi	pillow	11.2.1
pypi	pillow	11.3.0
pypi	pillow	12.0.0
pypi	pillow	12.1.0
rpm	python-pillow	10.3.0-1.el8
rpm	python-pillow	10.3.0-1.el9

Ecosystem	Package	Version


npm	chaileys	1.0.0
pypi	iode	7.0.4
pypi	iode	7.0.5
pypi	pillow	10.3.0
pypi	pillow	10.4.0
pypi	pillow	11.0.0
pypi	pillow	11.1.0
pypi	pillow	11.2.0
pypi	pillow	11.2.1
pypi	pillow	11.3.0
pypi	pillow	12.0.0
pypi	pillow	12.1.0
rpm	python-pillow	10.3.0-1.el8
rpm	python-pillow	10.3.0-1.el9

Find vulnerabilities. Fix fast with AI.

CVE-2026-25990

CVE-2026-25990