Unrated severityNVD Advisory· Published Jul 16, 2026
Debian pillow: Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter…
CVE-2026-59197
Description
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before rank-filter size validation and ImagingExpand() computes output dimensions with unchecked signed int arithmetic. This issue is fixed in version 12.3.0.
Affected products
1Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.