CPE
Denial-of-Service Vulnerability in Pillow EPS Parser (CVE-2026-59203)
1 TTP 1 CVEA denial-of-service vulnerability, CVE-2026-59203, exists in the Python imaging library Pillow, affecting versions 12.0.0 through 12.2.0, where a specially crafted EPS file with a negative byte count in the `%%BeginBinary` directive can cause an infinite loop and resource exhaustion when processed by the `Image.open()` function, leading to application unresponsiveness.
Pillow TGA RLE Encoder Out-of-Bounds Read (CVE-2026-59198)
1 TTP 1 CVEA critical out-of-bounds read vulnerability, CVE-2026-59198, exists in Pillow versions 5.2.0 through 12.2.x, specifically within its TGA RLE encoder, allowing adjacent process heap bytes to be copied into generated TGA files, which can lead to information disclosure.
Pillow Python Imaging Library Vulnerable to Out-of-Memory via Crafted JPEG2000
1 TTP 1 CVEA denial-of-service vulnerability, CVE-2026-59204, exists in the Pillow Python imaging library versions 8.2.0 through 12.2.0, allowing a remote attacker to trigger an out-of-memory error and crash applications by processing a specially crafted tiled JPEG2000 image.