chore(deps): update dependency pillow to v12.2.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pillow (changelog)	12.1.1 → 12.2.0

---

Pillow has a heap buffer overflow with nested list coordinates

CVE-2026-42309 / GHSA-5xmw-vc9v-4wf2

More information

Details

Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This was introduced in Pillow 11.2.1.

Severity

• CVSS Score: 5.1 / 10 (Medium)
• Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2
• https://github.com/python-pillow/Pillow

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)

CVE-2026-42311 / GHSA-pwv6-vv43-88gr

More information

Details

Impact

Processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution.

Patches

Patched version: 12.2.0

Pillow 12.1.1 addressed CVE-2026-25990 by adding checks for tile extents in PSD image decoding/encoding to prevent an out-of-bounds write. However, the bounds checks computed tile extent sums using types susceptible to integer overflow, meaning a PSD image with carefully chosen tile dimensions could produce values that wrap around and bypass the checks, still triggering an out-of-bounds write in src/decode.c and src/encode.c. The fix avoids adding extents together before comparison.

Workarounds

Use any version but affected versions: >= 10.3.0, < 12.2.0

Resources

• Fix: https://github.com/python-pillow/Pillow/pull/9520
• Original issue: CVE-2026-25990 (Pillow 12.1.1)

Severity

• CVSS Score: 8.6 / 10 (High)
• Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
• https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr
• https://github.com/python-pillow/Pillow/pull/9520
• https://github.com/python-pillow/Pillow

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

CVE-2026-42310 / GHSA-r73j-pqj5-w3x7

More information

Details

Impact

An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive.

Patches

Patched version: 12.2.0.

PdfParser (introduced in Pillow 4.2.0) follows Prev pointers in PDF trailers to read cross-reference sections. If a
trailer's Prev pointer references an offset that has already been processed — either pointing to itself or forming a
longer cycle — the parser enters an infinite loop. Pillow now tracks previously processed trailer offsets and raises an
error if a cycle is detected.

Workarounds

Use any version but the affected versions: >= 4.2.0, < 12.2.0

Resources

• Fix: https://github.com/python-pillow/Pillow/pull/9519

Severity

• CVSS Score: 5.1 / 10 (Medium)
• Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7
• https://github.com/python-pillow/Pillow/pull/9519
• https://github.com/python-pillow/Pillow

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

FITS GZIP decompression bomb in Pillow

BIT-pillow-2026-40192 / CVE-2026-40192 / GHSA-whj4-6x5x-4v2j

More information

Details

Impact

Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation).

Patches

The amount of data read is now limited to the necessary amount.
Fixed in Pillow 12.2.0 (PR #​9521).

Workarounds

Avoid Pillow >= 10.3.0, < 12.2.0
Only open specific image formats, excluding FITS.

Severity

• CVSS Score: 8.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j
• https://nvd.nist.gov/vuln/detail/CVE-2026-40192
• https://github.com/python-pillow/Pillow/pull/9521
• https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628
• https://github.com/python-pillow/Pillow
• https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Pillow has an integer overflow when processing fonts

CVE-2026-42308 / GHSA-wjx4-4jcj-g98j

More information

Details

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed.

Severity

• CVSS Score: 5.1 / 10 (Medium)
• Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
• https://github.com/python-pillow/Pillow

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

python-pillow/Pillow (pillow)

v12.2.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

• Update 12.2.0 release notes #​9522 [@​hugovk]
• Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #​9482 [@​bitplane]
• Update Python versions #​9515 [@​radarhere]
• Jeffrey A. Clark -> Jeffrey 'Alex' Clark #​9513 [@​aclark4life]
• Add release notes for #​9394, #​9419 and #​9456 #​9467 [@​radarhere]
• Add Amiga Workbench .info loader to 3rd party plugins list #​9459 [@​bitplane]
• Merge PFM documentation into PPM #​9434 [@​radarhere]
• Update macOS tested Pillow versions #​9431 [@​radarhere]
• Fix CVE number #​9430 [@​hugovk]

Dependencies

• Update xz to 5.8.3 #​9523 [@​radarhere]
• Update libjpeg-turbo to 3.1.4.1 #​9507 [@​radarhere]
• Update libpng to 1.6.56 #​9499 [@​radarhere]
• Update freetype to 2.14.3 #​9485 [@​radarhere]
• Updated libavif to 1.4.1 #​9479 [@​radarhere]
• Updated harfbuzz to 13.2.1 #​9461 [@​radarhere]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Update harfbuzz to 13.0.1 #​9453 [@​radarhere]
• Update libavif to 1.4.0 #​9460 [@​radarhere]
• Update freetype to 2.14.2 #​9449 [@​radarhere]
• Update actions/download-artifact action to v8 #​9451 [@​renovate[bot]]
• Updated libpng to 1.6.55 #​9425 [@​radarhere]

Testing

• Cleanup .spider extension in the same test where it is added #​9517 [@​radarhere]
• Run tests in parallel via tox for 3.5x speedup #​9516 [@​hugovk]
• Enable colour in CI logs #​9486 [@​hugovk]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Simplify TGA test code #​9477 [@​radarhere]
• Update tests to check for ValueError when encoding an empty image #​9464 [@​radarhere]
• Upgrade CI from macos-15-intel to macos-26-intel #​9454 [@​hugovk]
• Add check-case-conflict hook #​9446 [@​radarhere]
• Specify platform when pulling docker image #​9440 [@​radarhere]
• GHA: Cache libavif and webp builds for Ubuntu #​9437 [@​hugovk]
• Update macOS tested Pillow versions #​9431 [@​radarhere]

Other changes

• Check calloc return value #​9527 [@​radarhere]
• Check all allocs in the Arrow tree #​9488 [@​wiredfool]
• Reject non-numeric elements inside list coords #​9526 [@​hugovk]
• Move variable declaration inside define #​9525 [@​radarhere]
• Resize tall images vertically first #​9524 [@​radarhere]
• Avoid overflow by not adding extents together #​9520 [@​hugovk]
• Use long for glyph position #​9518 [@​hugovk]
• Raise an error if the trailer chain loops back on itself #​9519 [@​hugovk]
• Only read as much data from gzip-decompressed data as necessary #​9521 [@​hugovk]
• Allow None extents in C setimage() #​9504 [@​radarhere]
• Use critical sections to protect FontObject #​9498 [@​colesbury]
• Add ImageText.Text.wrap() to wrap text #​9286 [@​radarhere]
• Always call StubHandler open() when opening StubImageFile #​9412 [@​radarhere]
• Improved BCn overflow check #​9043 [@​radarhere]
• Image will never be None #​9512 [@​radarhere]
• Raise EOFError when seeking too far in PSD #​9388 [@​radarhere]
• Raise error if ImageGrab subprocess gives non-zero returncode #​9321 [@​radarhere]
• Allow for different palette entry sizes when correcting BMP pixel data offset #​9472 [@​radarhere]
• Ignore unspecified extra samples for TIFF separate planar configuration #​9514 [@​radarhere]
• Add PERF to lint and fix findings #​9510 [@​hugovk]
• Switch iOS back to macos-15-intel #​9509 [@​radarhere]
• Catch struct.error #​9505 [@​radarhere]
• Check PyCapsule_GetPointer and PyBytes_FromStringAndSize return values #​9508 [@​radarhere]
• Fix missing null dereference checks #​9489 [@​wiredfool]
• CI: Retry failed downloads #​9506 [@​hugovk]
• Use PyModule_AddObjectRef #​9503 [@​radarhere]
• Release reference to encoder on error #​9500 [@​radarhere]
• Fixed AVIF and WEBP dealloc #​9501 [@​radarhere]
• Check PyType_Ready return values #​9502 [@​radarhere]
• Check if PyObject_CallMethod result is NULL #​9494 [@​radarhere]
• Do not use palette from grayscale or bilevel colorspace when reading JPEG2000 images #​9468 [@​radarhere]
• If TGA v2 extension area specifies no alpha, fill alpha channel #​9478 [@​radarhere]
• Set image pixels individually on 32-bit Windows #​9492 [@​radarhere]
• Add error messages before returning NULL when encoding #​9493 [@​radarhere]
• Fix _getxy refcount leaks #​9487 [@​hugovk]
• Fix invalid test font #​9483 [@​radarhere]
• Add Exif tag "FrameRate" #​9470 [@​zhiyuanouyang]
• Support reading JPEG2000 images with CMYK palettes #​9456 [@​radarhere]
• Simplify setimage() by always passing extents #​9395 [@​radarhere]
• If bitmap buffer is empty, do not render anything #​8324 [@​radarhere]
• Change to ValueError when encoding an empty image #​9394 [@​radarhere]
• Add FontFile.to_imagefont() #​9419 [@​fjhenigman]
• [pre-commit.ci] pre-commit autoupdate #​9450 [@​pre-commit-ci[bot]]
• Use walrus operator #​9448 [@​radarhere]
• Only close file handle in ImagePalette.save() if it was opened internally #​9444 [@​bysiber]
• Fix self.decode typo #​9445 [@​bysiber]
• Fix BMP RLE delta escape reading from wrong file position #​9443 [@​bysiber]
• Correct error check when encoding AVIF images #​9442 [@​radarhere]
• Fix unexpected error when saving zero dimension images #​9391 [@​radarhere]
• Use uppercase format ID for PALM #​9435 [@​radarhere]

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.