NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-42309

Summary	Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0.
Publication Date	May 9, 2026, 3:16 p.m.
Registration Date	May 10, 2026, 4:10 a.m.
Last Update	May 9, 2026, 3:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/python-pillow/Pillow/releases/tag/12.2.0	security-advisories@github.com
2	https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-122	ヒープオーバーフロー	https://cwe.mitre.org/data/definitions/122.html