DEBIAN-CVE-2026-42308
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-42308
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-42308.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-42308
- Upstream
- Published
- 2026-05-09T06:16:09.793Z
- Modified
- 2026-05-13T18:02:09.077313Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
- References
Affected packages
Debian:11 / pillow
Package
- Name
- pillow
- Purl
- pkg:deb/debian/pillow?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.1.2+dfsg-0.3
8.1.2+dfsg-0.3+deb11u1
8.1.2+dfsg-0.3+deb11u2
8.1.2+dfsg-0.3+deb11u3
8.1.2+dfsg-1
8.2.0-1
8.3.2-1
8.4.0-1
9.*
9.0.0-1
9.0.1-1
9.1.0-1
9.1.1-1
9.2.0-1
9.2.0-1.1
9.3.0-1
9.4.0-1
9.4.0-1.1
9.5.0-1
10.*
10.0.0-1
10.1.0-1
10.2.0-1
10.3.0-1
10.3.0-2
10.4.0-1
10.4.0-1.1
11.*
11.1.0-1
11.1.0-2
11.1.0-3
11.1.0-4
11.1.0-5
11.2.1-1
11.3.0-1
12.*
12.0.0-1
12.1.0-1
12.1.1-1
12.1.1-2
12.2.0-1
Debian:12 / pillow
Package
- Name
- pillow
- Purl
- pkg:deb/debian/pillow?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / pillow
Package
- Name
- pillow
- Purl
- pkg:deb/debian/pillow?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:14 / pillow
Package
- Name
- pillow
- Purl
- pkg:deb/debian/pillow?arch=source