Pillow Integer Overflow Vulnerability in Font Processing

Vulnerability

An integer overflow vulnerability has been identified in the Python imaging library Pillow, prior to version 12.2.0. The issue arises when a font advances each glyph by an excessively large amount: as Pillow tracks the current position across the glyphs, the accumulated advance overflows. This vulnerability has been patched in version 12.2.0.
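The accumulation the advisory describes, modeled as an added example in hypothetical C (not Pillow's own code): an int pen position advanced once per glyph, with the range check that the unchecked form lacks. The Glyph type, layout_checked and the two sample fonts are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of a text-layout loop (not Pillow's code): the pen
 * position is an int advanced once per glyph, as the advisory describes. */
typedef struct { int advance; } Glyph;   /* horizontal advance in pixels */

/* Portable test for whether x + adv would leave the range of int. */
static bool add_would_overflow(int x, int adv) {
    return (adv > 0 && x > INT_MAX - adv) || (adv < 0 && x < INT_MIN - adv);
}

/* Hardened accumulation. The unchecked form is just `x += advance`, which
 * wraps once the sum leaves int range; this version refuses instead and
 * reports the offending glyph index through *bad_index. */
bool layout_checked(const Glyph *glyphs, size_t n, int *out_x, size_t *bad_index) {
    int x = 0;
    for (size_t i = 0; i < n; i++) {
        if (add_would_overflow(x, glyphs[i].advance)) {
            if (bad_index) *bad_index = i;
            return false;
        }
        x += glyphs[i].advance;
    }
    *out_x = x;
    return true;
}

/* Constructed sample fonts: ordinary advances, and glyphs that each advance
 * by more than half the int range so the second one overflows. */
static const Glyph normal_font[] = { {10}, {12}, {7}, {11} };
static const Glyph hostile_font[] = { {INT_MAX / 2 + 1}, {INT_MAX / 2 + 1} };

/* Results of the two sample layouts as plain values. */
int normal_final_position(void) {
    int x = 0; size_t bad = 0;
    return layout_checked(normal_font, 4, &x, &bad) ? x : -1;
}
long hostile_rejected_at(void) {
    int x = 0; size_t bad = 0;
    return layout_checked(hostile_font, 2, &x, &bad) ? -1 : (long)bad;
}

int main(void) {
    printf("normal: final pen position %d\n", normal_final_position()); /* 40 */
    printf("hostile: rejected at glyph %ld\n", hostile_rejected_at());  /* 1 */
    return 0;
}
```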

Impact

Exploitation of this vulnerability triggers the integer overflow, which may be leveraged to cause unexpected behavior in the application, such as memory corruption or arbitrary code execution.

Remediation

Users can upgrade to Pillow version 12.2.0 or later to address this vulnerability.

Added: May 9, 2026, 6:20 AM
Updated: May 9, 2026, 6:20 AM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 7.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.