{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/python/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-25990"}],"_cs_exploited":false,"_cs_products":["Pillow (\u003e= 10.3.0, \u003c 12.2.0)"],"_cs_severities":["high"],"_cs_tags":["pillow","oob-write","integer-overflow","psd","memory-corruption"],"_cs_type":"advisory","_cs_vendors":["Python"],"content_html":"\u003cp\u003ePillow, a popular Python image processing library, is vulnerable to an out-of-bounds write vulnerability (CVE-2026-42311) when processing PSD files. Specifically, versions 10.3.0 up to 12.1.1 contain a flaw in how they handle tile extents in PSD image decoding and encoding. The vulnerability arises from an integer overflow when calculating tile extent sums, which bypasses intended bounds checks. This allows a specially crafted PSD image with malicious tile dimensions to trigger an out-of-bounds write in \u003ccode\u003esrc/decode.c\u003c/code\u003e and \u003ccode\u003esrc/encode.c\u003c/code\u003e. Successful exploitation could lead to memory corruption, resulting in a crash or, more critically, arbitrary code execution. The issue was initially addressed in version 12.1.1 (CVE-2026-25990) but the fix was incomplete due to the integer overflow issue. The vulnerability is resolved in Pillow version 12.2.0 by avoiding the addition of extents before comparison.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious PSD image file with specific tile dimensions designed to trigger an integer overflow.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s application, using a vulnerable version of Pillow (10.3.0 - 12.1.1), attempts to process the malicious PSD file.\u003c/li\u003e\n\u003cli\u003eDuring PSD image decoding/encoding, Pillow calculates the tile extent sums.\u003c/li\u003e\n\u003cli\u003eDue to the crafted tile dimensions, the integer overflow occurs, causing the calculated extent sums to wrap around.\u003c/li\u003e\n\u003cli\u003eThe wrapped-around extent sums bypass the bounds checks implemented in Pillow.\u003c/li\u003e\n\u003cli\u003eAn out-of-bounds write operation occurs in \u003ccode\u003esrc/decode.c\u003c/code\u003e or \u003ccode\u003esrc/encode.c\u003c/code\u003e, corrupting memory.\u003c/li\u003e\n\u003cli\u003eThe memory corruption leads to either a crash of the application or, in a more severe scenario, allows the attacker to inject and execute arbitrary code.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the affected system, potentially leading to further malicious activities like data exfiltration or lateral movement.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to denial of service (application crash) or, more critically, arbitrary code execution. If an attacker can execute code on a system, they could potentially gain complete control of the system. This could lead to data theft, system compromise, and further propagation of attacks. The vulnerability affects any application that uses the Pillow library to process PSD files, potentially impacting a wide range of software across various sectors.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Pillow to version 12.2.0 or later to remediate CVE-2026-42311, which corrects the integer overflow issue and prevents the out-of-bounds write.\u003c/li\u003e\n\u003cli\u003eMonitor process creations for the execution of Python scripts (\u003ccode\u003epython.exe\u003c/code\u003e, \u003ccode\u003epython3\u003c/code\u003e) that process untrusted PSD files. Deploy the Sigma rule \u003ccode\u003eDetect Pillow PSD Processing\u003c/code\u003e to identify potentially malicious PSD processing activity.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T20:20:31Z","date_published":"2026-05-04T20:20:31Z","id":"/briefs/2024-01-pillow-oob-write/","summary":"Pillow versions 10.3.0 through 12.1.1 are vulnerable to an out-of-bounds write in PSD image decoding/encoding due to an integer overflow when computing tile extent sums, potentially leading to arbitrary code execution.","title":"Pillow Out-of-Bounds Write Vulnerability in PSD Processing (CVE-2026-42311)","url":"https://feed.craftedsignal.io/briefs/2024-01-pillow-oob-write/"}],"language":"en","title":"CraftedSignal Threat Feed — Python","version":"https://jsonfeed.org/version/1.1"}