Skip to content
Threat Feed
low advisory

Pillow Python Imaging Library Vulnerable to Out-of-Memory via Crafted JPEG2000

A denial-of-service vulnerability, CVE-2026-59204, exists in the Pillow Python imaging library versions 8.2.0 through 12.2.0, allowing a remote attacker to trigger an out-of-memory error and crash applications by processing a specially crafted tiled JPEG2000 image.

CVE-2026-59204 identifies a denial-of-service vulnerability in the Pillow Python imaging library, affecting versions from 8.2.0 up to, but not including, 12.3.0. The flaw resides in src/libImaging/Jpeg2KDecode.c, where the total_component_width variable accumulates incorrectly across every tile in a JPEG2000 image during decoding, rather than being reset per tile. This miscalculation allows an attacker to craft a malicious tiled JPEG2000 file that, when processed by a vulnerable Pillow instance, forces a substantially higher transient memory allocation. This excessive memory request leads to an out-of-memory (OOM) error, causing the Python application using Pillow to crash or become unresponsive. The vulnerability enables unauthenticated denial-of-service against applications relying on Pillow for JPEG2000 image processing. The issue has been fixed in Pillow version 12.3.0.

Attack Chain

  1. Crafting Malicious Input: An attacker creates a specially crafted tiled JPEG2000 image file designed to exploit the memory accumulation logic within Pillow's Jpeg2KDecode.c.
  2. Delivery: The attacker delivers the malicious JPEG2000 image to a target system. This could occur through various means such as an upload to a web application, an email attachment, or embedding in other file formats, targeting any Python application that processes images using Pillow.
  3. Initiate Processing: A Python application, utilizing a vulnerable version of the Pillow library (8.2.0-12.2.0), attempts to open, decode, or otherwise process the received malicious JPEG2000 image.
  4. Vulnerable Decoding: During the decoding of the tiled JPEG2000 image, the src/libImaging/Jpeg2KDecode.c component executes its internal logic.
  5. Incorrect Memory Calculation: The total_component_width variable within the Jpeg2KDecode.c function incorrectly accumulates its value across all tiles, rather than recomputing it for each individual tile, due to the crafted image structure.
  6. Excessive Memory Request: This incorrect calculation leads Pillow to request a significantly larger amount of transient memory than necessary to handle the image data.
  7. Out-of-Memory (OOM): The system is unable to fulfill the excessive memory allocation request, resulting in an out-of-memory error being triggered.
  8. Denial of Service: The Python application processing the image crashes or becomes unresponsive, leading to a denial of service for the application or the service it provides.

Impact

Successful exploitation of CVE-2026-59204 results in a denial-of-service condition for any Python application or service that utilizes the vulnerable Pillow library (versions 8.2.0 through 12.2.0) to process JPEG2000 images. When a crafted image is processed, the application will crash due to an out-of-memory error, rendering it unavailable to legitimate users. This can lead to significant operational disruptions, loss of service availability, and potential data processing backlogs, particularly for image-intensive applications or services. While no specific victim count or targeted sectors are provided, any organization using affected Pillow versions is at risk.

Recommendation

  • Patch CVE-2026-59204 immediately by upgrading the Pillow library to version 12.3.0 or newer to mitigate the out-of-memory vulnerability.
  • Monitor application logs for out-of-memory errors, application crashes, or sudden process terminations specifically related to image processing tasks, as these may indicate attempted or successful exploitation of CVE-2026-59204.
  • Implement robust input validation and sanitization for all user-supplied image files, particularly JPEG2000, to detect and reject malformed or unusually large files before they are processed by the Pillow library.