Description
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances by an exceedingly large amount for each glyph, the value Pillow uses to keep track of the current drawing position may overflow (an integer overflow). This issue has been patched in version 12.2.0.
References (2)
x_refsource_confirm
https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
x_refsource_misc
https://github.com/python-pillow/Pillow/releases/tag/12.2.0
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
3.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (3)
pypi/pillow
0 - 12.2.0 (PyPI)
python/pillow
< 12.2.0
python-pillow/Pillow
< 12.2.0
Published
May 09, 2026
Tracked Since
May 09, 2026