Home

Description

Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width, causing pixel access such as Image.tobytes(), getpixel, convert, or save to read beyond the mapped region and disclose adjacent process memory or fault. This issue is fixed in version 12.3.0.

PUBLISHED Reserved 2026-06-11 | Published 2026-07-14 | Updated 2026-07-14 | Assigner GitHub_M




HIGH: 8.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-125: Out-of-bounds Read

Product status

< 12.3.0
affected

References

github.com/...Pillow/security/advisories/GHSA-62p4-gmf7-7g93 exploit

github.com/...Pillow/security/advisories/GHSA-62p4-gmf7-7g93

github.com/python-pillow/Pillow/pull/9719

github.com/...ommit/6a8de891fb00968e5ea79bfa84368ed90b3cfc1d

github.com/python-pillow/Pillow/releases/tag/12.3.0

cve.org (CVE-2026-54058)

nvd.nist.gov (CVE-2026-54058)

Download JSON