CVE-2026-42309: Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as…

medium5.1CVSS 4.0

AVLACLATNPRNUINVCNVINVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX

Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0.

Affected

59 ranges· showing 25

Vendor	Product	Version range	Fixed in
ansible-automation-platform-25	lightspeed-chatbot-rhel8	—	—
ansible-automation-platform-26	hub-rhel9	—	—
ansible-automation-platform-26	lightspeed-chatbot-rhel9	—	—
ansible-automation-platform	automation-dashboard-rhel9	—	—
exploit-intelligence-tech-preview	vulnerability-analysis-rhel9	—	—
openshift-lightspeed	lightspeed-ocp-rag-rhel9	—	—
openshift-lightspeed	lightspeed-service-api-rhel9	—	—
pen-drive	pen-drive-scanner-rhel9	—	—
python-pillow	pillow	—	—
python	pillow	>= 11.2.1 < 12.2.0	12.2.0
python	pillow	>= 11.2.1 < 12.2.0	12.2.0
quay	quay-rhel8	—	—
quay	quay-rhel9	—	—
rhaiis	model-opt-cuda-rhel9	—	—
rhaiis	vllm-cpu-rhel9	—	—
rhaiis	vllm-cuda-rhel9	—	—
rhaiis	vllm-neuron-rhel9	—	—
rhaiis	vllm-rocm-rhel9	—	—
rhaiis	vllm-spyre-rhel9	—	—
rhaiis	vllm-tpu-rhel9	—	—
rhelai3	bootc-aws-cuda-rhel9	—	—
rhelai3	bootc-azure-cuda-rhel9	—	—
rhelai3	bootc-azure-rocm-rhel9	—	—
rhelai3	bootc-cuda-rhel9	—	—
rhelai3	bootc-gcp-cuda-rhel9	—	—