CVE-2026-55380 in Pillowinfo

Summary

by MITRE • 07/06/2026

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/06/2026

The vulnerability identified in Pillow versions prior to 12.3.0 represents a critical security flaw within the GD image format parsing functionality that directly impacts memory allocation behavior during image processing operations. This issue resides specifically within the PIL/GdImageFile.py module where the GdImageFile._open() method handles GD 2.x format image files. The vulnerability stems from insufficient input validation and memory management practices that allow maliciously crafted .gd files to manipulate the image dimension parsing process without proper security checks.

The technical flaw manifests when the _open() method reads image dimensions from the GD 2.x file header and stores these values in self._size attribute without invoking the Image._decompression_bomb_check() validation routine. This omission creates a pathway for attackers to craft .gd files containing inflated dimension values that would trigger excessive heap allocation during the image loading process. The decompression bomb check mechanism exists specifically to prevent denial-of-service conditions by limiting the maximum size of images that can be loaded, but this protection is bypassed in vulnerable versions.

The operational impact of this vulnerability extends beyond simple resource exhaustion, as it enables attackers to potentially consume excessive system memory and CPU resources when processing maliciously crafted GD files. When an application using Pillow loads such a file, the library allocates heap memory based on the inflated dimensions specified in the header, potentially leading to system instability, application crashes, or complete system resource exhaustion. This vulnerability particularly affects applications that process untrusted image uploads or handle user-provided image content without proper sanitization.

This issue aligns with CWE-400, which covers "Uncontrolled Resource Consumption," and represents a classic example of how insufficient input validation can lead to denial-of-service conditions. The vulnerability also maps to ATT&CK technique T1499.001, "Network Denial of Service," as it enables attackers to consume system resources through crafted image files. Additionally, the flaw demonstrates characteristics of CWE-129, "Improper Validation of Array Index," since the dimension values are used directly in memory allocation without proper bounds checking or validation.

The fix implemented in version 12.3.0 addresses this vulnerability by ensuring that Image._decompression_bomb_check() is properly invoked during GD image file processing. This update maintains the existing security checks while preserving legitimate functionality for valid image files. Organizations should prioritize upgrading to Pillow 12.3.0 or later versions to mitigate this risk, particularly those applications that process external image content or handle user uploads without proper input validation mechanisms in place.

The vulnerability underscores the importance of comprehensive input validation and resource management practices in image processing libraries, where seemingly benign file format parsing can become a vector for significant system impact. Security teams should implement monitoring for unusual memory consumption patterns when processing image files and ensure that all third-party libraries are kept up to date with security patches. This incident highlights the critical need for regular security assessments of commonly used libraries and the implementation of proper resource limits in applications that handle untrusted binary content.

Responsible

GitHub M

Reservation

06/16/2026

Disclosure

07/06/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!