{"id":"CVE-2026-42311","summary":"Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)","details":"Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.","aliases":["BIT-pillow-2026-42311","GHSA-pwv6-vv43-88gr"],"modified":"2026-06-18T03:56:28.216501780Z","published":"2026-05-09T04:11:58.092Z","related":["CGA-r9w3-5fv2-4vx9"],"database_specific":{"cwe_ids":["CWE-190","CWE-787"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42311.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/python-pillow/Pillow/releases/tag/12.2.0"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42311.json"},{"type":"ADVISORY","url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42311"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/pull/9520"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python-pillow/pillow","events":[{"introduced":"5c89d88eee199ba53f64581ea39b6a1bc52feb1a"},{"fixed":"3c41c095064200a02672d89cc5ff629eaf4b0d4f"},{"fixed":"58f9a1d166dcb0c274807d4423522d205b0c35ea"}],"database_specific":{"extracted_events":[{"introduced":"10.3.0"},{"fixed":"12.2.0"}],"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*"}}],"versions":["12.1.0","12.0.0","11.3.0","11.2.1","11.1.0","11.0.0","10.4.0","10.3.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42311.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}