Nixpkgs Security Tracker

Suggestions search

With package: python312Packages.pillow

Found 1 matching suggestions

Published
updated 3 weeks ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed 18 packages
    • python312Packages.pillow-heif
    • python312Packages.pillow-jpls
    • python312Packages.pillowfight
    • python313Packages.pillow-heif
    • python313Packages.pillow-jpls
    • python313Packages.pillowfight
    • python314Packages.pillow-heif
    • python314Packages.pillow-jpls
    • python314Packages.pillowfight
    • python312Packages.types-pillow
    • python313Packages.types-pillow
    • python314Packages.types-pillow
    • python312Packages.pypillowfight
    • python313Packages.pypillowfight
    • python314Packages.pillow
    • python313Packages.pillow-avif-plugin
    • python312Packages.pillow-avif-plugin
    • python314Packages.pypillowfight
  • @LeSuisse added package python314Packages.pillow
  • @LeSuisse removed maintainer @mweinelt
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Pillow has an out-of-bounds write when loading PSD images

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Affected products

Pillow
  • >= 10.3.0, < 12.1.1

Matching in nixpkgs

Package maintainers

Ignored maintainers (1)
Upstream advisory: https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
Upstream patch: https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa