
Out-of-bounds write when loading PSD images

High
radarhere published GHSA-cfh3-3jmp-rvhc Feb 11, 2026

Package

pip Pillow (pip)

Affected versions

>= 10.3.0, < 12.1.1

Patched versions

Pillow 12.1.1

Description

Impact

An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.

Patches

Pillow 12.1.1 will be released shortly with a fix for this.

Workarounds

Image.open() has a formats parameter that can be used to prevent PSD images from being opened.
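As an added example (not code from the advisory or from Pillow itself), the following applies that workaround: an allowlist passed through Image.open()'s formats parameter so the PSD plugin is never tried, plus a check of the advisory's affected range to decide whether the workaround is still needed. The allowlist contents, the helper names and the constructed sample inputs are assumptions for the example.

```python
import io
import re

# Version range from the advisory text: >= 10.3.0 and < 12.1.1.
AFFECTED_MIN = (10, 3, 0)
PATCHED = (12, 1, 1)

# Formats this service actually needs; PSD is deliberately absent.
# (Constructed allowlist for the example; adjust to your own inputs.)
SAFE_FORMATS = ["PNG", "JPEG", "GIF", "WEBP"]


def is_affected_version(version: str) -> bool:
    """Return True when a Pillow version string falls in the advisory's range."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))
    return AFFECTED_MIN <= parts < PATCHED


def open_image_safely(data: bytes):
    """Open image bytes using Image.open's formats allowlist.

    Pillow only tries the listed plugins, so the PSD plugin never sees the data.
    Returns the Image on success, or None when no allowed plugin accepts it.
    """
    # Imported here so the version check above is usable without Pillow.
    from PIL import Image, UnidentifiedImageError
    try:
        return Image.open(io.BytesIO(data), formats=SAFE_FORMATS)
    except UnidentifiedImageError:
        return None


def make_png_bytes() -> bytes:
    """Build a tiny valid PNG in memory (constructed sample input)."""
    from PIL import Image
    buf = io.BytesIO()
    Image.new("RGB", (2, 2), "red").save(buf, format="PNG")
    return buf.getvalue()


# Constructed stand-in for a PSD upload: the "8BPS" signature plus padding.
# It is only enough for the PSD plugin to recognise the format, nothing more.
FAKE_PSD = b"8BPS" + b"\x00" * 28


if __name__ == "__main__":
    import PIL
    print("workaround needed:", is_affected_version(PIL.__version__))
    print("PNG accepted:", open_image_safely(make_png_bytes()) is not None)
    print("PSD accepted:", open_image_safely(FAKE_PSD) is not None)
```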

References

Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html

Severity

High

CVE ID

CVE-2026-25990

Weaknesses

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Credits