CVE-2026-54058

Source
https://cve.org/CVERecord?id=CVE-2026-54058
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-54058.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-54058
Aliases
  • GHSA-62p4-gmf7-7g93
Downstream
Related
Published
2026-07-14T16:27:38.050Z
Modified
2026-07-16T10:14:37.957870165Z
Severity
  • 8.3 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Pillow: Out-of-bounds read via attacker-controlled row stride on Pillow's mmap path (McIdas AREA files)
Details

Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width, causing pixel access such as Image.tobytes(), getpixel, convert, or save to read beyond the mapped region and disclose adjacent process memory or fault. This issue is fixed in version 12.3.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/54xxx/CVE-2026-54058.json",
    "cwe_ids": [
        "CWE-125"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/python-pillow/pillow

Affected ranges

Type
GIT
Repo
https://github.com/python-pillow/pillow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.3.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

1.*
1.0
1.2
1.7.7
1.7.8
10.*
10.0.0
10.1.0
10.2.0
10.3.0
10.4.0
11.*
11.0.0
11.1.0
11.2.1
11.3.0
12.*
12.0.0
12.1.0
12.2.0
2.*
2.0.0
2.1.0
2.2.0
2.2.1
2.3.0
2.5.0
2.7.0
2.8.0
2.8.1
2.9.0
2.9.0.dev0
2.9.0.dev1
2.9.0.dev2
3.*
3.1.0
3.1.0-rc1
3.2.0
3.3.0
3.4.0
4.*
4.0.0
4.0.0a
4.1.0
4.2.0
4.3.0
5.*
5.0.0
5.1.0
5.2.0
5.3.0
5.4.0
6.*
6.0.0
6.1.0
6.2.0
7.*
7.0.0
7.1.0
7.2.0
8.*
8.0.0
8.1.0
8.2.0
8.3.0
8.4.0
9.*
9.0.0
9.1.0
9.2.0
9.3.0
9.4.0
9.5.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-54058.json"