DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-25990: Pillow Fight: Weaponizing Photoshop Files via OOB Writes


Vulnerability ID: CVE-2026-25990
CVSS Score: 8.9
Published: 2026-02-11

A high-severity Out-of-Bounds Write vulnerability exists in Pillow, the de facto Python Imaging Library, specifically within its Photoshop Document (PSD) handler. The flaw arises from a failure to validate negative image offsets in the C extension modules, allowing attackers to write pixel data to arbitrary memory locations preceding the allocated buffer. This can lead to heap corruption, denial of service, or potentially remote code execution when processing malicious images.

TL;DR

Pillow versions from 10.3.0 up to, but not including, 12.1.1 fail to sanity-check negative coordinates in PSD layers. By crafting a Photoshop file with a layer offset such as x=-100, an attacker can trick the C backend into writing data before the start of the image buffer. This heap corruption primitive can be leveraged for RCE.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-787 (Out-of-bounds Write)
  • CVSS Score: 8.9 (High)
  • Attack Vector: Network (Image Upload)
  • Impact: RCE / Denial of Service
  • Component: src/decode.c (_setimage)
  • Fix Version: 12.1.1

Affected Systems

  • Python applications using Pillow < 12.1.1
  • Web applications accepting PSD uploads
  • Image processing pipelines (AWS Lambda, Celery workers)
  • Pillow: >= 10.3.0, < 12.1.1 (Fixed in: 12.1.1)

Code Analysis

Commit: 9000313

Added checks for negative offsets in _setimage to prevent OOB write

- if (state->xsize <= 0 || state->xsize + state->xoff > (int)im->xsize ||
+ if (state->xoff < 0 || state->xsize <= 0 ||
+     state->xsize + state->xoff > (int)im->xsize || state->yoff < 0 ||
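Review bot: the new condition is cut off at the trailing `||` after `state->yoff < 0`, so the vertical counterparts of the existing horizontal terms (`state->ysize <= 0` and `state->ysize + state->yoff > (int)im->ysize`) fall outside this hunk; please confirm they are retained, because `yoff < 0` on its own does not bound the bottom edge. Placing `state->xoff < 0` ahead of `state->xsize + state->xoff > (int)im->xsize` is the right order, since a negative offset could otherwise pass the upper-bound test while still pointing before the buffer; a one-line comment stating that this rejects negative layer offsets would make the intent clear to the next reader.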

Mitigation Strategies

  • Update Pillow to version 12.1.1 or higher.
  • Disable the PSD image plugin if not required by the application.
  • Implement strict input validation on uploaded file types.

Remediation Steps:

  1. Run pip install --upgrade Pillow to fetch the latest version.
  2. Restart any application services (Gunicorn, Uvicorn, Celery) to load the new library version.
  3. Audit codebases for Image.open() calls that handle user-supplied content.
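As an added example (not from the advisory and not Pillow's own code), the following stand-alone Python pre-screen walks a PSD file's header and layer records and flags any layer whose rectangle the bounds check added in the fix would reject (negative top/left offset, empty extent, or extending past the canvas), so an upload pipeline can reject such files before they ever reach Image.open(). It follows Adobe's documented version-1 PSD layout; the sample files are constructed in code, and PSB (version 2) files are deliberately not handled.

```python
import struct

PSD_SIGNATURE = b"8BPS"

def parse_layer_rects(data):
    """Walk a version-1 PSD and return (canvas_h, canvas_w) plus each layer's (top, left, bottom, right)."""
    if data[:4] != PSD_SIGNATURE:
        raise ValueError("not a PSD file")
    (version,) = struct.unpack(">H", data[4:6])
    if version != 1:
        raise ValueError("only PSD v1 handled (PSB uses 8-byte section lengths)")
    _channels, height, width, _depth, _mode = struct.unpack(">HIIHH", data[12:26])
    pos = 26
    for _ in range(2):  # skip Color Mode Data and Image Resources: u32 length + payload each
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        pos += 4 + length
    pos += 4  # Layer and Mask Information section length
    pos += 4  # Layer Info length
    (count,) = struct.unpack(">h", data[pos:pos + 2])  # negative count = first alpha is transparency
    pos += 2
    rects = []
    for _ in range(abs(count)):
        rect = struct.unpack(">iiii", data[pos:pos + 16])  # signed int32s: a left of -100 lives here
        pos += 16
        (nchan,) = struct.unpack(">H", data[pos:pos + 2])
        pos += 2 + 6 * nchan  # channel info: id (2) + data length (4) per channel
        pos += 12  # "8BIM", blend mode key, opacity, clipping, flags, filler
        (extra,) = struct.unpack(">I", data[pos:pos + 4])
        pos += 4 + extra
        rects.append(rect)
    return (height, width), rects

def find_bad_layers(data):
    """Indices of layers the patched bounds check would reject: negative offset, empty extent, or past the canvas."""
    (h, w), rects = parse_layer_rects(data)
    return [i for i, (top, left, bottom, right) in enumerate(rects)
            if left < 0 or top < 0 or right - left <= 0 or bottom - top <= 0 or right > w or bottom > h]

def build_psd(width, height, rects):
    """Constructed sample: minimal PSD with one empty layer per rect (header and layer records only, no pixel data)."""
    records = b""
    for top, left, bottom, right in rects:
        records += struct.pack(">iiiiH", top, left, bottom, right, 1)  # rectangle + one channel
        records += struct.pack(">hI", 0, 0)  # channel id 0 with zero-length channel data
        records += b"8BIM" + b"norm" + bytes([255, 0, 0, 0])  # blend sig/key, opacity, clipping, flags, filler
        records += struct.pack(">I", 0)  # no extra layer data
    layer_info = struct.pack(">h", len(rects)) + records
    layer_mask = struct.pack(">I", len(layer_info)) + layer_info
    header = PSD_SIGNATURE + struct.pack(">H", 1) + b"\0" * 6 + struct.pack(">HIIHH", 3, height, width, 8, 3)
    return header + struct.pack(">II", 0, 0) + struct.pack(">I", len(layer_mask)) + layer_mask
```

In a pipeline, call find_bad_layers() on the raw upload bytes and reject the file if the list is non-empty; a canvas-sized layer at offset (0, 0) passes, a layer with left=-100 or one whose right edge exceeds the canvas width does not.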

References


Read the full report for CVE-2026-25990 on our website for more details including interactive diagrams and full exploit analysis.
