CVE-2026-42309 | Pillow up to 12.1.x heap-based overflow (GHSA-5xmw-vc9v-4wf2)

Inserito da Angelo Barbosa | Mag 9, 2026 | CVE

A vulnerability was found in Pillow up to 12.1.x. It has been classified as critical. The affected element is an unknown function. The manipulation leads to heap-based buffer overflow.

This vulnerability is listed as CVE-2026-42309. The attack must be carried out locally. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-42309 | Pillow up to 12.1.x heap-based overflow (GHSA-5xmw-vc9v-4wf2)

Post correlati

CVE-2025-9569 | Sunnet eHRD CTMS cross site scripting

CVE-2025-0855 | PGS Core Plugin up to 5.8.0 on WordPress import_header deserialization

CVE-2025-21665 | Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10 folio_seek_hole_data bit infinite loop

CVE-2023-48751 | Participants Database Plugin up to 2.5.5 on WordPress authorization