VYPR
Medium severity5.5GHSA Advisory· Published May 9, 2026· Updated May 12, 2026

CVE-2026-42310

CVE-2026-42310

Description

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pillowPyPI
>= 4.2.0, < 12.2.012.2.0

Affected products

8

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.