Unrated severityNVD Advisory· Published Jul 16, 2026
Debian pillow: Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jp…
CVE-2026-59204
Description
Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled JPEG2000 file to force substantially higher transient memory usage and trigger out-of-memory failures during decoding. This issue is fixed in version 12.3.0.
Affected products
3- Range: >=8.2.0 <=12.2.0
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.