CVE-2026-42310
published 2026-05-09CVE-2026-42310: Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang…
medium5.1CVSS 4.0
AVLACLATNPRNUINVCNVINVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.
Affected
57 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform-25 | lightspeed-chatbot-rhel8 | — | — |
| ansible-automation-platform-26 | hub-rhel9 | — | — |
| ansible-automation-platform-26 | lightspeed-chatbot-rhel9 | — | — |
| ansible-automation-platform | automation-dashboard-rhel9 | — | — |
| exploit-intelligence-tech-preview | vulnerability-analysis-rhel9 | — | — |
| openshift-lightspeed | lightspeed-ocp-rag-rhel9 | — | — |
| openshift-lightspeed | lightspeed-service-api-rhel9 | — | — |
| python-pillow | pillow | — | — |
| python | pillow | >= 4.2.0 < 12.2.0 | 12.2.0 |
| python | pillow | >= 4.2.0 < 12.2.0 | 12.2.0 |
| quay | quay-rhel8 | — | — |
| quay | quay-rhel9 | — | — |
| rhaiis | model-opt-cuda-rhel9 | — | — |
| rhaiis | vllm-cpu-rhel9 | — | — |
| rhaiis | vllm-cuda-rhel9 | — | — |
| rhaiis | vllm-neuron-rhel9 | — | — |
| rhaiis | vllm-rocm-rhel9 | — | — |
| rhaiis | vllm-spyre-rhel9 | — | — |
| rhaiis | vllm-tpu-rhel9 | — | — |
| rhelai3 | bootc-aws-cuda-rhel9 | — | — |
| rhelai3 | bootc-azure-cuda-rhel9 | — | — |
| rhelai3 | bootc-azure-rocm-rhel9 | — | — |
| rhelai3 | bootc-cuda-rhel9 | — | — |
| rhelai3 | bootc-gcp-cuda-rhel9 | — | — |
| rhelai3 | bootc-rocm-rhel9 | — | — |