Details

Impact

An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.

Patches

Pillow 12.1.1 will be released shortly with a fix for this.

Workarounds

Image.open() has a formats parameter that can be used to prevent PSD images from being opened.

References

Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html

Severity

• CVSS Score: 8.6 / 10 (High)
• Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
• https://github.com/python-pillow/Pillow/pull/9427
• https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199
• https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html
• https://nvd.nist.gov/vuln/detail/CVE-2026-25990
• https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa
• https://github.com/advisories/GHSA-cfh3-3jmp-rvhc

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Details

Impact

Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation).

Patches

The amount of data read is now limited to the necessary amount.
Fixed in Pillow 12.2.0 (PR #​9521).

Workarounds

Avoid Pillow >= 10.3.0, < 12.2.0
Only open specific image formats, excluding FITS.

Severity

• CVSS Score: 8.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j
• https://github.com/python-pillow/Pillow/pull/9521
• https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628
• https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb
• https://nvd.nist.gov/vuln/detail/CVE-2026-40192
• https://github.com/advisories/GHSA-whj4-6x5x-4v2j

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

v12.2.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

• Update 12.2.0 release notes #​9522 [@​hugovk]
• Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #​9482 [@​bitplane]
• Update Python versions #​9515 [@​radarhere]
• Jeffrey A. Clark -> Jeffrey 'Alex' Clark #​9513 [@​aclark4life]
• Add release notes for #​9394, #​9419 and #​9456 #​9467 [@​radarhere]
• Add Amiga Workbench .info loader to 3rd party plugins list #​9459 [@​bitplane]
• Merge PFM documentation into PPM #​9434 [@​radarhere]
• Update macOS tested Pillow versions #​9431 [@​radarhere]
• Fix CVE number #​9430 [@​hugovk]

Dependencies

• Update xz to 5.8.3 #​9523 [@​radarhere]
• Update libjpeg-turbo to 3.1.4.1 #​9507 [@​radarhere]
• Update libpng to 1.6.56 #​9499 [@​radarhere]
• Update freetype to 2.14.3 #​9485 [@​radarhere]
• Updated libavif to 1.4.1 #​9479 [@​radarhere]
• Updated harfbuzz to 13.2.1 #​9461 [@​radarhere]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Update harfbuzz to 13.0.1 #​9453 [@​radarhere]
• Update libavif to 1.4.0 #​9460 [@​radarhere]
• Update freetype to 2.14.2 #​9449 [@​radarhere]
• Update actions/download-artifact action to v8 #​9451 [@​renovate[bot]]
• Updated libpng to 1.6.55 #​9425 [@​radarhere]

Testing

• Cleanup .spider extension in the same test where it is added #​9517 [@​radarhere]
• Run tests in parallel via tox for 3.5x speedup #​9516 [@​hugovk]
• Enable colour in CI logs #​9486 [@​hugovk]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Simplify TGA test code #​9477 [@​radarhere]
• Update tests to check for ValueError when encoding an empty image #​9464 [@​radarhere]
• Upgrade CI from macos-15-intel to macos-26-intel #​9454 [@​hugovk]
• Add check-case-conflict hook #​9446 [@​radarhere]
• Specify platform when pulling docker image #​9440 [@​radarhere]
• GHA: Cache libavif and webp builds for Ubuntu #​9437 [@​hugovk]
• Update macOS tested Pillow versions #​9431 [@​radarhere]

Other changes

• Check calloc return value #​9527 [@​radarhere]
• Check all allocs in the Arrow tree #​9488 [@​wiredfool]
• Reject non-numeric elements inside list coords #​9526 [@​hugovk]
• Move variable declaration inside define #​9525 [@​radarhere]
• Resize tall images vertically first #​9524 [@​radarhere]
• Avoid overflow by not adding extents together #​9520 [@​hugovk]
• Use long for glyph position #​9518 [@​hugovk]
• Raise an error if the trailer chain loops back on itself #​9519 [@​hugovk]
• Only read as much data from gzip-decompressed data as necessary #​9521 [@​hugovk]
• Allow None extents in C setimage() #​9504 [@​radarhere]
• Use critical sections to protect FontObject #​9498 [@​colesbury]
• Add ImageText.Text.wrap() to wrap text #​9286 [@​radarhere]
• Always call StubHandler open() when opening StubImageFile #​9412 [@​radarhere]
• Improved BCn overflow check #​9043 [@​radarhere]
• Image will never be None #​9512 [@​radarhere]
• Raise EOFError when seeking too far in PSD #​9388 [@​radarhere]
• Raise error if ImageGrab subprocess gives non-zero returncode #​9321 [@​radarhere]
• Allow for different palette entry sizes when correcting BMP pixel data offset #​9472 [@​radarhere]
• Ignore unspecified extra samples for TIFF separate planar configuration #​9514 [@​radarhere]
• Add PERF to lint and fix findings #​9510 [@​hugovk]
• Switch iOS back to macos-15-intel #​9509 [@​radarhere]
• Catch struct.error #​9505 [@​radarhere]
• Check PyCapsule_GetPointer and PyBytes_FromStringAndSize return values #​9508 [@​radarhere]
• Fix missing null dereference checks #​9489 [@​wiredfool]
• CI: Retry failed downloads #​9506 [@​hugovk]
• Use PyModule_AddObjectRef #​9503 [@​radarhere]
• Release reference to encoder on error #​9500 [@​radarhere]
• Fixed AVIF and WEBP dealloc #​9501 [@​radarhere]
• Check PyType_Ready return values #​9502 [@​radarhere]
• Check if PyObject_CallMethod result is NULL #​9494 [@​radarhere]
• Do not use palette from grayscale or bilevel colorspace when reading JPEG2000 images #​9468 [@​radarhere]
• If TGA v2 extension area specifies no alpha, fill alpha channel #​9478 [@​radarhere]
• Set image pixels individually on 32-bit Windows #​9492 [@​radarhere]
• Add error messages before returning NULL when encoding #​9493 [@​radarhere]
• Fix _getxy refcount leaks #​9487 [@​hugovk]
• Fix invalid test font #​9483 [@​radarhere]
• Add Exif tag "FrameRate" #​9470 [@​zhiyuanouyang]
• Support reading JPEG2000 images with CMYK palettes #​9456 [@​radarhere]
• Simplify setimage() by always passing extents #​9395 [@​radarhere]
• If bitmap buffer is empty, do not render anything #​8324 [@​radarhere]
• Change to ValueError when encoding an empty image #​9394 [@​radarhere]
• Add FontFile.to_imagefont() #​9419 [@​fjhenigman]
• [pre-commit.ci] pre-commit autoupdate #​9450 [@​pre-commit-ci[bot]]
• Use walrus operator #​9448 [@​radarhere]
• Only close file handle in ImagePalette.save() if it was opened internally #​9444 [@​bysiber]
• Fix self.decode typo #​9445 [@​bysiber]
• Fix BMP RLE delta escape reading from wrong file position #​9443 [@​bysiber]
• Correct error check when encoding AVIF images #​9442 [@​radarhere]
• Fix unexpected error when saving zero dimension images #​9391 [@​radarhere]
• Use uppercase format ID for PALM #​9435 [@​radarhere]

v12.1.1

Compare Source

v12.1.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

• Deprecate getdata(), in favour of new get_flattened_data() #​9292 [@​radarhere]

Documentation

• Specify APNG duration type when opening #​9368 [@​radarhere]
• Added release notes for #​9350 #​9366 [@​radarhere]
• Update ImageMorph documentation #​9349 [@​radarhere]
• Docs: update major bump cadence #​9334 [@​hugovk]
• Add release notes for #​9070 #​9320 [@​radarhere]
• Updated Ubuntu version #​9306 [@​radarhere]
• Update macOS tested Pillow versions #​9265 [@​radarhere]

Dependencies

• Update harfbuzz to 12.3.0 #​9355 [@​radarhere]
• Update xz to 5.8.2 #​9343 [@​radarhere]
• Updated libjpeg-turbo to 3.1.3 #​9333 [@​radarhere]
• Updated zlib-ng to 2.3.2 #​9324 [@​radarhere]
• Updated libpng to 1.6.53 #​9325 [@​radarhere]
• Update actions/checkout action to v6 #​9323 [@​renovate[bot]]
• Update dependency mypy to v1.19.0 #​9322 [@​renovate[bot]]
• Updated libpng to 1.6.51 #​9305 [@​radarhere]
• Updated brotli to 1.2.0 #​9284 [@​radarhere]
• Update libimagequant to 4.4.1 #​9301 [@​radarhere]
• Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #​9312 [@​radarhere]
• Updated harfbuzz to 12.2.0 #​9289 [@​radarhere]
• Update github-actions #​9277 [@​renovate[bot]]

Testing

• Replace pre-commit with prek #​9360 [@​hugovk]
• Test PyQt6 on Python 3.14 on Windows #​9353 [@​radarhere]
• Test 32-bit Windows on Windows Server 2022 #​9345 [@​radarhere]
• Correct variable type #​9335 [@​radarhere]
• Fix ResourceWarnings in selftest.py #​9332 [@​hugovk]
• Fix testing good P mode BMP images #​9319 [@​radarhere]
• Test Python 3.15 pre-release #​9331 [@​hugovk]
• Test ImageFont.ImageFont, in case freetype2 is not supported #​9287 [@​radarhere]
• Add Fedora 43 #​9290 [@​radarhere]
• Remove Fedora 41 #​9260 [@​radarhere]

Type hints

• Add ImageFile context manager #​9367 [@​radarhere]
• Assert fp is not None #​8617 [@​radarhere]
• Added return type to ImageFile _close_fp() #​9356 [@​radarhere]
• Use different variables for Image and ImageFile instances #​9316 [@​radarhere]
• Correct variable type #​9335 [@​radarhere]
• Improve type hints #​9317 [@​radarhere]
• Use different variables for Image and ImageFile instances #​9268 [@​radarhere]
• Added type hints #​9269 [@​radarhere]
• Correct getitem return type #​9264 [@​radarhere]

Other changes

• Simplify band splitting #​9291 [@​radarhere]
• Support saving APNG float durations #​9365 [@​radarhere]
• Allow 1 mode images in MorphOp #​9348 [@​radarhere]
• Use minimum supported Python version for Lint #​9364 [@​radarhere]
• Allow for duplicate font variation styles #​9362 [@​radarhere]
• Call parent verify method #​9357 [@​radarhere]
• Return LUT from LutBuilder build_default_lut() #​9350 [@​radarhere]
• Simplify WebP code #​9329 [@​radarhere]
• Use unsigned long for DWORD #​9352 [@​radarhere]
• Cast to UINT32 before shifting bits #​9347 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9318 [@​pre-commit-ci[bot]]
• Allow window ID to be passed to ImageGrab.grab() on macOS #​9070 [@​yankeguo]
• Apply encoder options when saving multiple PNG frames #​9300 [@​radarhere]
• Read all non-zero transparency from mode 1 PNG images as 255 #​9282 [@​radarhere]
• Support writing IFD, SIGNED_RATIONAL and InkNames TIFF tags #​9276 [@​radarhere]
• Remove unused modes #​9275 [@​radarhere]
• Correct allocating new color to RGBA palette #​9313 [@​radarhere]
• Close image on ImageFont exception #​9304 [@​radarhere]
• Reapply "Use macos-latest for iOS arm64 simulator" #​9259 [@​radarhere]
• Escape period in pre-commit-config #​9036 [@​radarhere]
• Add Apache-2.0 notice to IcoImagePlugin #​8947 [@​stefan6419846]
• [pre-commit.ci] pre-commit autoupdate #​9288 [@​pre-commit-ci[bot]]
• Simplify code now that I;16* modes are the only IMAGING_TYPE_SPECIAL #​9263 [@​radarhere]
• Remove BytesIO from DdsImagePlugin #​9273 [@​radarhere]
• Fix ZeroDivisionError in DdsImagePlugin #​9272 [@​radarhere]
• Fix warnings #​9257 [@​radarhere]

v12.0.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html

Removals

• Remove support for FreeType <= 2.9.0 #​9159 [@​radarhere]
• Drop support for Python 3.9 #​9119 [@​hugovk]
• Remove deprecations for Pillow 12.0.0 #​9053 [@​radarhere]

Deprecations

• Deprecate Image._show #​9186 [@​radarhere]
• Deprecate ImageCmsProfile product_name and product_info #​8995 [@​lukegb]

Documentation

• ImagingHistogramInstance can use two bands #​9251 [@​radarhere]
• Update 12.0.0 release notes #​9247 [@​hugovk]
• Added ImageDraw alpha channel examples #​9201 [@​radarhere]
• Update Python version #​9230 [@​radarhere]
• Updated macOS tested Pillow versions #​9209 [@​radarhere]
• Add GitHub profile link to release notes #​9197 [@​radarhere]
• Split versionadded info #​9190 [@​radarhere]
• Document ImageFile.MAXBLOCK #​9163 [@​radarhere]
• Updated macOS version in CI targets #​9157 [@​radarhere]
• Fix typos #​9135 [@​radarhere]
• Added "Colors" to concepts #​9067 [@​radarhere]
• Update macOS tested Pillow versions #​9068 [@​radarhere]
• Thanks, folks! #​9056 [@​aclark4life]
• Setup nit: "fork" should be lowercased #​9055 [@​aclark4life]

Dependencies

• Update dependency cibuildwheel to v3.2.1 #​9246 [@​renovate[bot]]
• [pre-commit.ci] pre-commit autoupdate #​9233 [@​pre-commit-ci[bot]]
• Update harfbuzz to 12.1.0 #​9218 [@​radarhere]
• Update libtiff to 4.7.1 #​9222 [@​radarhere]
• Update FreeType to 2.14.1 on macOS and Linux wheels #​9217 [@​radarhere]
• Update dependency cibuildwheel to v3.2.0 #​9219 [@​renovate[bot]]
• Update Ghostscript to 10.6.0 #​9202 [@​radarhere]
• Update openjpeg to 2.5.4 #​9215 [@​radarhere]
• Update harfbuzz to 11.5.0 #​9203 [@​radarhere]
• Update dependency mypy to v1.18.2 #​9213 [@​renovate[bot]]
• Update dependency mypy to v1.18.1 #​9207 [@​renovate[bot]]
• Update github-actions #​9194 [@​renovate[bot]]
• Updated harfbuzz to 11.4.5 #​9150 [@​radarhere]
• Update zlib-ng to 2.2.5 #​9140 [@​radarhere]
• Update raqm to 0.10.3 #​9137 [@​radarhere]
• Update libjpeg-turbo to 3.1.2 #​9188 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9180 [@​pre-commit-ci[bot]]
• Update dependency cibuildwheel to v3.1.4 #​9164 [@​renovate[bot]]
• Update actions/checkout action to v5 #​9156 [@​renovate[bot]]
• Update actions/download-artifact action to v5 #​9141 [@​renovate[bot]]
• Updated harfbuzz to 11.3.3 #​9103 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9131 [@​pre-commit-ci[bot]]
• Updated libimagequant to 4.4.0 #​9074 [@​radarhere]
• Update dependency mypy to v1.17.1 #​9130 [@​renovate[bot]]
• Update dependency cibuildwheel to v3.1.3 #​9129 [@​renovate[bot]]
• Update dependency cibuildwheel to v3.1.2 #​9118 [@​renovate[bot]]
• Updated libpng to 1.6.50 #​9058 [@​radarhere]
• Update cygwin/cygwin-install-action action to v6 #​9108 [@​renovate[bot]]
• Update dependency mypy to v1.17.0 #​9092 [@​renovate[bot]]
• Updated libwebp to 1.6.0 #​9082 [@​radarhere]
• Update dependency cibuildwheel to v3.0.1 #​9075 [@​renovate[bot]]
• [pre-commit.ci] pre-commit autoupdate #​9073 [@​pre-commit-ci[bot]]

Testing

• Check return types #​9045 [@​radarhere]
• Upgrade from macos-13 #​9212 [@​radarhere]
• Wheels CI: Check number of expected dists #​9239 [@​hugovk]
• Assert image type #​8845 [@​radarhere]
• Test GD transparency #​9196 [@​radarhere]
• Test mode when saving PPM images #​9195 [@​radarhere]
• Test unsupported BMP bitfields layout #​9193 [@​radarhere]
• Update Ghostscript to 10.6.0 #​9202 [@​radarhere]
• Use monkeypatch #​9192 [@​radarhere]
• Always check XMLPacket value #​9113 [@​radarhere]
• Rename variable to not shadow import #​9124 [@​radarhere]
• Removed unused code #​9182 [@​radarhere]
• Add has_feature_version helper #​9172 [@​radarhere]
• Replace print with assert #​9171 [@​radarhere]
• Add Debian 13 Trixie #​9147 [@​hugovk]
• Do not import from Tests directory in checks #​9143 [@​radarhere]
• Improve features test coverage #​9077 [@​radarhere]
• Remove WebP feature handling #​9096 [@​radarhere]
• Update for pyroma 5.0 #​9093 [@​radarhere]
• Improve WmfImagePlugin test coverage #​9090 [@​radarhere]
• Improve DdsImagePlugin test coverage #​9091 [@​radarhere]
• Improve ImageMath test coverage #​9087 [@​radarhere]
• Fix unclosed file warning #​9065 [@​radarhere]
• Pyroma now supports PEP 639 #​9064 [@​radarhere]

Type hints

• Install arro3 dependencies when type checking #​9254 [@​radarhere]
• Check return types #​9045 [@​radarhere]
• Assert image type #​8845 [@​radarhere]
• Move imports into TYPE_CHECKING #​9123 [@​radarhere]
• Remove support for NumPy 1.20 when type checking #​9125 [@​radarhere]

Other changes

• Use macos-14 for iOS arm64 simulator #​9258 [@​hugovk]
• Use enums for Modes and RawModes in C #​9256 [@​radarhere]
• Add ImageText #​9098 [@​radarhere]
• Shift bits before making value negative #​9255 [@​radarhere]
• Support saving variable length rational TIFF tags by default #​9241 [@​radarhere]
• Added four private SGI TIFF tags #​9245 [@​radarhere]
• Band names for arrow exported images #​9099 [@​wiredfool]
• Use macos-latest for iOS arm64 simulator #​9250 [@​radarhere]
• If pasting an image onto itself at a lower position, copy from bottom #​8882 [@​radarhere]
• Removed unused access for I;32L and I;32B #​9238 [@​radarhere]
• Corrected scientific-python-nightly-wheels pattern #​9252 [@​radarhere]
• Run sdist when scheduled, but do not upload to scientific-python-nightly-wheels index #​9248 [@​radarhere]
• Removed shebang lines and executable flags #​9179 [@​radarhere]
• Remove Pillow version from PDF comment #​9176 [@​radarhere]
• Support saving variable length rational TIFF tags #​9111 [@​radarhere]
• Build Python 3.14 on macOS 10.15 #​9234 [@​radarhere]
• Test largest CUR cursor #​9191 [@​radarhere]
• Do not unnecessarily update FLI __offset #​9184 [@​radarhere]
• Fill alpha channel when quantizing RGB images #​9133 [@​radarhere]
• Allow RGBA palettes to work with ImageOps.expand() #​9138 [@​radarhere]
• Fixed loading rotated PCD images #​9177 [@​radarhere]
• Cast before shifting bits #​9236 [@​radarhere]
• Use _ensure_mutable() #​9200 [@​radarhere]
• Seek past BeginBinary data when parsing EPS metadata #​9211 [@​radarhere]
• Do not allow negative offset with memory mapping #​9235 [@​radarhere]
• Clear C image when MPO frame image size changes #​9208 [@​radarhere]
• When converting RGBA to PA, use RGB to P quantization #​9153 [@​radarhere]
• Remove use of sudo from libavif and raqm install scripts #​9231 [@​radarhere]
• Load image palette into Python after converting to PA #​9152 [@​radarhere]
• Check all reserved bytes in FLI header #​9183 [@​radarhere]
• Limit length of read operation in ImageFont._load_pilfont_data() #​9181 [@​radarhere]
• Python 3.9 wheels are no longer needed #​9214 [@​radarhere]
• Remove unused Image _expand() #​9227 [@​radarhere]
• Updated FreeType to 2.14.1 on Windows #​9206 [@​radarhere]
• Only deprecate fromarray mode for changing data types #​9063 [@​radarhere]
• Fix reading RGB and CMYK IPTC images #​9088 [@​radarhere]
• Install zstd for libtiff on Linux wheels #​9097 [@​radarhere]
• Improve WalImageFile test coverage #​9189 [@​radarhere]
• ImageMorph operations must have length 1 #​9102 [@​radarhere]
• Set correct size for rotated PCD images after opening #​9086 [@​radarhere]
• Simplify check for GBR width and height #​9089 [@​radarhere]
• Make in parallel when building libjpeg-turbo and openjpeg for macOS and Linux wheels #​9144 [@​radarhere]
• Fix ZeroDivisionError in ImageStat #​9105 [@​radarhere]
• When deleting EXIF IFD tag, delete IFD data #​9083 [@​radarhere]
• Allow alpha_composite to use LA images #​9066 [@​radarhere]
• Improve _accept length check #​9170 [@​radarhere]
• Do not set core to DeferredError #​9166 [@​radarhere]
• Use macos-14 for iOS arm64 simulator #​9161 [@​radarhere]
• Make in parallel when building brotli and libavif for macOS and Linux wheels [#​9142](https://redirect.github.com/python-pillow/Pill

✂ Note

PR body was truncated to here.