CVE-2026-42310 Overview
CVE-2026-42310 is a denial of service vulnerability in Pillow, the Python imaging library. Versions from 4.2.0 up to but not including 12.2.0 contain a flaw in the PDF parser that allows a malicious PDF file to trigger an infinite loop. When the parser processes a crafted document whose trailer chain references itself, the process hangs indefinitely, consumes 100% CPU, and renders the host application unresponsive. The issue is tracked as CWE-835 (Loop with Unreachable Exit Condition). The maintainers patched the defect in Pillow version 12.2.0 by detecting cycles in the cross-reference trailer chain.
Critical Impact
A single malicious PDF can lock a Pillow-based image processing pipeline at 100% CPU usage, causing service-wide unavailability for applications that accept untrusted PDF input.
Affected Products
- Python Pillow versions 4.2.0 through 12.1.x
- Applications embedding Pillow's PdfParser module for PDF ingestion
- Image processing pipelines that accept untrusted PDF files
Discovery Timeline
- 2026-05-09 - CVE-2026-42310 published to NVD
- 2026-05-12 - Last updated in NVD database
Technical Details for CVE-2026-42310
Vulnerability Analysis
The vulnerability resides in src/PIL/PdfParser.py, specifically in the read_prev_trailer method. PDF files use cross-reference (xref) tables to locate objects within the document. Each trailer may contain a Prev entry pointing to a previous trailer, forming a chain that the parser walks recursively. The parser did not track which trailer offsets it had already visited. An attacker can craft a PDF where a trailer's Prev value references an earlier offset in the chain, creating a cycle. The parser then traverses the same trailers repeatedly without an exit condition, saturating a CPU core until the process is terminated.
Root Cause
The root cause is missing cycle detection during recursive trailer traversal. The read_prev_trailer function accepted an xref_section_offset argument and called itself for each Prev reference, but it kept no record of previously processed offsets. With no termination check, a self-referential trailer chain produced an infinite loop classified under CWE-835.
Attack Vector
Exploitation requires the victim application to parse an attacker-supplied PDF using Pillow. The attack vector is local in CVSS terms because the malicious file must be presented to the parsing process, but practical exposure includes any service that accepts user-uploaded PDFs and converts them with Pillow, such as document preview generators, OCR pipelines, or thumbnailing services. No authentication or user interaction with the Pillow process itself is required beyond delivering the file.
if b"Prev" in self.trailer_dict:
self.read_prev_trailer(self.trailer_dict[b"Prev"])
- def read_prev_trailer(self, xref_section_offset: int) -> None:
+ def read_prev_trailer(
+ self, xref_section_offset: int, processed_offsets: list[int] = []
+ ) -> None:
assert self.buf is not None
trailer_offset = self.read_xref_table(xref_section_offset=xref_section_offset)
m = self.re_trailer_prev.search(
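Review bot: the added signature `processed_offsets: list[int] = []` uses a mutable default argument, so every call that omits the parameter shares one list object for the life of the process; if the body appends visited offsets to it, offsets from one parsed document would persist into the next parse and could falsely report a later, legitimate file as cyclic. Suggest `processed_offsets: list[int] | None = None` with `if processed_offsets is None: processed_offsets = []` as the first statement of the body, plus a one-line docstring stating that the list exists to detect loops in the Prev chain.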
Source: Pillow commit 3bf614e. The patch adds a processed_offsets list so the parser raises an error when the trailer chain loops back on itself.
Detection Methods for CVE-2026-42310
Indicators of Compromise
- A Python worker process executing Pillow's PdfParser sustaining 100% CPU on a single core for an extended period.
- Application threads stalled inside PIL/PdfParser.py frames, particularly read_prev_trailer and read_xref_table.
- PDF inputs containing self-referential Prev offsets in their trailer dictionaries.
Detection Strategies
- Inventory installed Pillow versions across hosts and containers using package managers such as pip list or SBOM tooling, and flag versions earlier than 12.2.0.
- Add file-format validation that parses incoming PDFs with a lightweight library to reject documents whose xref chains contain cycles before handing them to Pillow.
- Instrument PDF-processing workers with execution timeouts so a hung parse is terminated and logged.
Monitoring Recommendations
- Alert on Python processes that hold sustained CPU above a threshold while parsing user-uploaded files.
- Track the count of PDF parse jobs that exceed expected duration and correlate with the uploading user or source IP.
- Log SHA-256 hashes of PDF inputs that trigger timeouts to support hunting and indicator sharing.
How to Mitigate CVE-2026-42310
Immediate Actions Required
- Upgrade Pillow to version 12.2.0 or later on all systems where it is installed.
- Rebuild and redeploy container images that bundle vulnerable Pillow versions.
- Audit downstream dependencies that pin Pillow below 12.2.0 and request updates from those maintainers.
Patch Information
The fix is included in Pillow 12.2.0. Review the GitHub Security Advisory GHSA-r73j-pqj5-w3x7, the Pillow 12.2.0 release notes, and the pull request #9519 for full remediation details.
Workarounds
- Enforce a hard wall-clock timeout around any Pillow PDF parsing call so a hung worker is killed and restarted.
- Run PDF parsing in isolated subprocesses with CPU and memory limits using resource.setrlimit or container-level cgroup constraints.
- Pre-validate PDFs with a separate parser and reject files whose trailer Prev chain revisits an earlier offset.
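The pre-validation step from the detection strategies and the workaround list above, as an added example that is not Pillow's code: it walks the startxref/Prev chain with a visited list and reports the offset at which the chain loops. The helper make_pdf builds constructed two-section test files (one clean, one with a forward-pointing Prev) and is not a real document; the parser handles classic xref tables only.

```python
from __future__ import annotations
import re

# Added pre-validator (not Pillow's code): walks a PDF's trailer /Prev chain with
# a visited list, the bookkeeping whose absence in read_prev_trailer caused the hang.
_STARTXREF = re.compile(rb"startxref\s+(\d+)")
_PREV = re.compile(rb"/Prev\s+(\d+)")


def walk_trailer_chain(buf: bytes, max_depth: int = 64) -> tuple[list[int], int | None]:
    """Return (xref offsets in chain order, offset that was revisited or None).
    A non-None second value means the chain loops and the file must be rejected.
    Classic 'xref' tables only; PDF 1.5+ cross-reference streams raise ValueError.
    """
    starts = _STARTXREF.findall(buf)
    if not starts:
        raise ValueError("no startxref keyword")
    offset, visited = int(starts[-1]), []          # the last startxref wins
    while True:
        if offset in visited:
            return visited, offset                 # the CVE-2026-42310 condition
        if len(visited) >= max_depth:
            raise ValueError(f"more than {max_depth} xref sections")
        if not (0 <= offset < len(buf) and buf.startswith(b"xref", offset)):
            raise ValueError(f"no xref table at offset {offset}")
        visited.append(offset)
        trailer_pos = buf.find(b"trailer", offset)
        dict_end = buf.find(b">>", trailer_pos) if trailer_pos != -1 else -1
        if dict_end == -1:
            raise ValueError("xref table without a complete trailer dictionary")
        m = _PREV.search(buf, trailer_pos, dict_end)
        if m is None:
            return visited, None                   # no /Prev: chain ends cleanly
        offset = int(m.group(1))


def make_pdf(cycle: bool) -> bytes:
    """Constructed two-section PDF. With cycle=True the older trailer's /Prev
    points forward to the newer section, so newer -> older -> newer repeats."""
    body = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    off1 = len(body)

    def section(prev: int | None) -> bytes:
        entry = b"" if prev is None else b" /Prev %010d" % prev
        return (b"xref\n0 2\n0000000000 65535 f \n0000000009 00000 n \n"
                b"trailer\n<< /Size 2 /Root 1 0 R" + entry + b" >>\n")

    # Zero-padded offsets keep a section's length independent of its value.
    off2 = off1 + len(section(0 if cycle else None))
    return (body + section(off2 if cycle else None) + section(off1)
            + b"startxref\n%d\n%%%%EOF\n" % off2)
```

A non-None revisited offset is the signal to reject the upload before it reaches Pillow; the ValueError branches cover files the lightweight check cannot vouch for.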
# Upgrade Pillow to the patched release
pip install --upgrade "Pillow>=12.2.0"
# Verify the installed version
python -c "import PIL; print(PIL.__version__)"
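The timeout and subprocess-isolation workarounds listed above, as an added example that is not Pillow's code: the parse runs in a child Python process under resource.setrlimit CPU and address-space caps plus a wall-clock timeout, so a looping trailer chain is killed and reported instead of hanging the worker. The child snippets HANG_CHILD and QUICK_CHILD are constructed stand-ins; in a deployment the child code would load sys.argv[1] with Pillow's PdfParser.

```python
import resource
import subprocess
import sys

# Added workaround wrapper (not Pillow's own code): run an untrusted-PDF parse in
# a child process under a CPU rlimit plus a wall-clock timeout, so a looping
# trailer chain costs at most `cpu_seconds` and the worker itself survives.


def parse_isolated(child_code: str, pdf_path: str, timeout: float = 5.0,
                   cpu_seconds: int = 5, mem_bytes: int = 2 << 30) -> dict:
    """Run `child_code` (Python source; the PDF path arrives as sys.argv[1]) in a
    limited child process. Returns {'status': 'ok' | 'timeout' | 'error', ...}."""

    def limit_child() -> None:
        # Executed in the child before exec: hard CPU cap (kernel sends SIGXCPU)
        # and an address-space cap, so a hung or bloated parse cannot starve the host.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))

    try:
        proc = subprocess.run([sys.executable, "-c", child_code, pdf_path],
                              capture_output=True, text=True,
                              timeout=timeout, preexec_fn=limit_child)
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child on timeout; the path is returned so the
        # caller can log the input's hash for hunting (see Monitoring above).
        return {"status": "timeout", "path": pdf_path}
    if proc.returncode != 0:
        return {"status": "error", "returncode": proc.returncode,
                "stderr": proc.stderr.strip()[-300:]}
    return {"status": "ok", "stdout": proc.stdout.strip()}


# Constructed stand-ins for the child: a real deployment would load sys.argv[1]
# with Pillow's PdfParser here. HANG_CHILD mimics the CVE-2026-42310 infinite loop.
HANG_CHILD = "while True: pass"
QUICK_CHILD = "import sys; print('parsed', sys.argv[1])"
```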
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.