A vulnerability was found in Pillow up to 12.2.x and classified as problematic. The affected element is the function _load_bitmaps of the file PIL/PcfFontFile.py of the component PCF Font Parser. Executing a manipulation can lead to uncontrolled memory allocation.

This vulnerability is tracked as CVE-2026-54059. The attack can be launched remotely. No exploit exists.