CVE-2026-42308

UNKNOWN 0.0

Pillow: Integer overflow when processing fonts

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

CWE	CWE-190
Vendor	python-pillow
Product	pillow
Published	May 9, 2026

Stay Ahead of the Next One

Get instant alerts for python-pillow pillow

Be the first to know when new unknown vulnerabilities affecting python-pillow pillow are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

python-pillow / Pillow

< 12.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j github.com: https://github.com/python-pillow/Pillow/releases/tag/12.2.0