Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-25990

Опубликовано: 11 фев. 2026
Источник: redhat
CVSS3: 7.3
EPSS Низкий

Описание

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Lightspeedopenshift-lightspeed/lightspeed-ocp-rag-rhel9Affected
OpenShift Lightspeedopenshift-lightspeed/lightspeed-service-api-rhel9Affected
OpenShift Lightspeedopenshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9Affected
Red Hat AI Inference Serverrhai/docling-cuda-rhel9Affected
Red Hat AI Inference Serverrhaiis/vllm-spyre-rhel9Affected
Red Hat AI Inference Serverrhaiis/vllm-tpu-rhel9Affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-26/hub-rhel9Affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-26/lightspeed-chatbot-rhel9Affected
Red Hat Ansible Automation Platform 2ansible-automation-platform/automation-dashboard-rhel9Affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-tech-preview/automation-dashboard-rhel9Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2439170pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image

EPSS

Процентиль: 5%
0.00018
Низкий

7.3 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-25990

CVSS3: 7.5
ubuntu
около 1 месяца назад

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

nvd логотип

CVE-2026-25990

CVSS3: 7.5
nvd
около 1 месяца назад

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

debian логотип

CVE-2026-25990

CVSS3: 7.5
debian
около 1 месяца назад

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n ou ...

github логотип

GHSA-cfh3-3jmp-rvhc

github
около 1 месяца назад

Pillow affected by out-of-bounds write when loading PSD images

EPSS

Процентиль: 5%
0.00018
Низкий

7.3 High

CVSS3