CVE-2026-59197 in Pillow
요약
\~에 의해 MITRE • 2026. 07. 14.
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before rank-filter size validation and ImagingExpand() computes output dimensions with unchecked signed int arithmetic. This issue is fixed in version 12.3.0.
If you want to get best quality of vulnerability data, you may have to visit VulDB.