CVE-2026-42311 Overview
CVE-2026-42311 is an integer overflow vulnerability [CWE-190] in Pillow, the widely used Python imaging library. The flaw affects versions from 10.3.0 up to but not including 12.2.0. Processing a maliciously crafted Photoshop Document (PSD) file triggers memory corruption inside Pillow's image tile handling code. Successful exploitation can crash the host process or lead to arbitrary code execution in the context of the application using Pillow. The maintainers patched the issue in Pillow 12.2.0 by validating tile extents before they are passed to the native decoder.
Critical Impact
A malicious PSD file processed by an application using a vulnerable version of Pillow can corrupt memory and lead to arbitrary code execution within the affected Python process.
Affected Products
- Python Pillow versions >=10.3.0 and <12.2.0
- Applications and services that decode untrusted PSD images using Pillow
- Python environments and containers bundling vulnerable Pillow wheels
Discovery Timeline
- 2026-05-09 - CVE-2026-42311 published to NVD
- 2026-05-14 - Last updated in NVD database
Technical Details for CVE-2026-42311
Vulnerability Analysis
The vulnerability resides in Pillow's PSD decoder path, where tile extent coordinates supplied by the image file are used to configure the C decoder state without sufficient bounds checking. When Pillow processes a PSD file, the parser reads tile coordinates (x0, y0, x1, y1) and forwards them to native code in src/decode.c. The pre-patch code computed xsize = x1 - x0 and ysize = y1 - y0 and trusted the results without verifying that the coordinates were within the image dimensions. A crafted PSD can specify extents that overflow integer arithmetic or exceed the underlying image buffer, causing the decoder to write outside the allocated pixel memory.
Root Cause
The root cause is missing validation of attacker-controlled tile boundaries before they are used in pointer arithmetic and buffer indexing. Because x1 - x0 and y1 - y0 were computed without checking signs or maximums, negative or oversized extents produced corrupted state values consumed by the C decoder. This classifies the issue as an integer overflow leading to out-of-bounds memory access.
Attack Vector
Exploitation requires the victim application to call Pillow on a PSD file supplied by the attacker. Common scenarios include image upload endpoints, thumbnail generators, document pipelines, and offline batch converters. The attack requires no privileges and no user interaction beyond the normal image processing workflow, but is scored as a local vector because the malicious file must be delivered to the processing host.
# Security patch in src/PIL/ImageFile.py - validate tile extents (#9520)
if extents:
    x0, y0, x1, y1 = extents
    if x0 < 0 or y0 < 0 or x1 > self.im.size[0] or y1 > self.im.size[1]:
        msg = "Tile cannot extend outside image"
        raise ValueError(msg)
    self.state.xoff = x0
    self.state.yoff = y0
    self.state.xsize = x1 - x0
# Source: https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea
/* Security patch in src/decode.c - validate extents in native decoder (#9520) */
if (x0 < 0 || y0 < 0 || x1 <= x0 || y1 <= y0 || x1 > (int)im->xsize ||
    y1 > (int)im->ysize) {
    PyErr_SetString(PyExc_ValueError, "tile cannot extend outside image");
    return NULL;
}
decoder->im = im;
state = &decoder->state;
/* Source: https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea */
Detection Methods for CVE-2026-42311
Indicators of Compromise
- Python processes terminating with SIGSEGV or SIGABRT shortly after opening .psd files
- Unexpected "ValueError: tile cannot extend outside image" exceptions appearing after the upgrade, which indicate that malformed PSD inputs are reaching the decoder
- PSD uploads with tile coordinates that exceed the declared image canvas dimensions
- Image-processing workers crashing or restarting when handling specific user-supplied files
Detection Strategies
- Inventory installed Pillow versions across hosts and containers (for example with "pip show pillow" or SBOM tooling) and flag any version in the range >=10.3.0,<12.2.0.
- Inspect PSD files at upload boundaries and reject those whose tile extents are negative or exceed the image header dimensions.
- Monitor application logs and crash telemetry for repeated decoder faults associated with PSD inputs.
Monitoring Recommendations
- Forward image-processing service crash dumps and stderr to a central logging platform for correlation.
- Alert on file upload patterns where PSD files trigger worker restarts or memory faults.
- Track dependency drift with software composition analysis to ensure Pillow stays on a patched release.
How to Mitigate CVE-2026-42311
Immediate Actions Required
- Upgrade Pillow to version 12.2.0 or later in all production, staging, and developer environments.
- Rebuild and redeploy container images that bundle Pillow so cached layers do not retain vulnerable versions.
- Audit pipelines that accept PSD files from untrusted sources and quarantine any pending uploads until patched.
Patch Information
The fix is included in Pillow 12.2.0. The patch adds bounds checks in both src/PIL/ImageFile.py and src/decode.c so that tile extents outside the image are rejected before reaching the native decoder. Review the GitHub Security Advisory GHSA-pwv6-vv43-88gr, the upstream commit, and the Pillow 12.2.0 release notes.
Workarounds
- Disable PSD ingestion in applications that cannot immediately upgrade, by filtering on file magic bytes and rejecting 8BPS headers.
- Pre-validate PSD headers and refuse files whose declared tile extents fall outside the image canvas.
- Run image decoding in a sandboxed, low-privilege worker process with strict resource and syscall limits to contain potential exploitation.
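Added example (not Pillow's or the advisory's own code) covering the upload-boundary pre-validation in the workarounds above and the tile-extent check from the Root Cause section: it parses the fixed 26-byte PSD header, then shows the unchecked pre-patch extent arithmetic beside a check equivalent to the one Pillow 12.2.0 applies. It assumes the standard big-endian PSD header layout; the function names and the header bytes are constructed for illustration.

```python
import struct

# Fixed PSD header: signature, version, 6 reserved bytes, channels, rows, columns, depth, color mode.
PSD_HEADER = struct.Struct(">4sH6xHIIHH")
PSD_MAX_DIM = 30_000  # canvas limit for version-1 (PSD) files per the format spec


def parse_psd_header(data: bytes) -> dict:
    """Reject anything that is not a sane version-1 PSD before it reaches an image decoder."""
    if len(data) < PSD_HEADER.size:
        raise ValueError("truncated PSD header")
    sig, version, channels, height, width, depth, mode = PSD_HEADER.unpack_from(data)
    if sig != b"8BPS":
        raise ValueError("not a PSD file (missing 8BPS signature)")
    if version != 1:
        raise ValueError(f"unsupported PSD version {version}")
    if not 1 <= channels <= 56:
        raise ValueError(f"invalid channel count {channels}")
    if not (1 <= height <= PSD_MAX_DIM and 1 <= width <= PSD_MAX_DIM):
        raise ValueError(f"canvas {width}x{height} outside PSD limits")
    if depth not in (1, 8, 16, 32):
        raise ValueError(f"invalid bit depth {depth}")
    return {"channels": channels, "size": (width, height), "depth": depth, "mode": mode}


def unchecked_tile_state(extents):
    """Pre-patch behaviour: the file's extents are trusted, so negative or oversized values pass through."""
    x0, y0, x1, y1 = extents
    return (x0, y0, x1 - x0, y1 - y0)  # (xoff, yoff, xsize, ysize) handed to the native decoder


def checked_tile_state(extents, size):
    """Patched behaviour: the same bounds test Pillow 12.2.0 applies before configuring the decoder."""
    x0, y0, x1, y1 = extents
    width, height = size
    if x0 < 0 or y0 < 0 or x1 <= x0 or y1 <= y0 or x1 > width or y1 > height:
        raise ValueError("Tile cannot extend outside image")
    return (x0, y0, x1 - x0, y1 - y0)


def rejects(fn, *args) -> bool:
    """True if the validator raises ValueError for the given input (used by the checks below)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Constructed sample headers, not taken from any real file: a 128x64 8-bit RGB canvas and a tampered width.
GOOD_HEADER = PSD_HEADER.pack(b"8BPS", 1, 3, 64, 128, 8, 3)
BAD_HEADER = PSD_HEADER.pack(b"8BPS", 1, 3, 64, 0xFFFFFFFF, 8, 3)
```

A tile of (-5, 0, 200, 64) on the 128x64 canvas passes the unchecked path with a negative offset and a 205-pixel width, while the checked path refuses it.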
# Configuration example: pin a patched Pillow version
pip install --upgrade 'Pillow>=12.2.0'
# Verify the installed version
python -c "import PIL, sys; print(PIL.__version__); sys.exit(0 if tuple(int(x) for x in PIL.__version__.split('.')[:2]) >= (12, 2) else 1)"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.