Executive Summary

CVE-2026-25990 is a high-severity vulnerability in the Pillow Python imaging library that affects versions from 10.3.0 up to, but not including, 12.1.1.

The issue is an out-of-bounds write triggered when loading specially crafted PSD (Photoshop Document) images. This happens because the library does not properly validate tile extents with negative offsets during image decoding and encoding, allowing data to be written beyond allocated memory buffers.

This vulnerability can lead to memory corruption or other security risks during image processing. It is fixed in Pillow version 12.1.1 by adding explicit validation checks that raise exceptions if tile extents are invalid.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to memory corruption when processing specially crafted PSD images using the Pillow library.

Memory corruption can cause application crashes, unexpected behavior, or potentially allow an attacker to execute arbitrary code or escalate privileges depending on the context in which the library is used.

Since the vulnerability is triggered without any user interaction (no privileges or authentication required), it poses a significant risk if untrusted PSD images are processed.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to load specially crafted PSD images that trigger the out-of-bounds write in vulnerable Pillow versions (10.3.0 to before 12.1.1). Specifically, tests can be performed by opening PSD files with invalid tile extents using the Pillow Image.open() function in Python.'}, {'type': 'paragraph', 'content': "For detection, you can run Python test scripts that try to open PSD files known to trigger the issue, such as 'psd-oob-write.psd', 'psd-oob-write-x.psd', and 'psd-oob-write-y.psd'. If the Pillow version is vulnerable, these attempts will not raise the expected exceptions."}, {'type': 'paragraph', 'content': 'Example Python commands to test for the vulnerability:'}, {'type': 'list_item', 'content': "Use Python interactive shell or a script to attempt opening a PSD file: \n```python\nfrom PIL import Image\ntry:\n Image.open('psd-oob-write.psd')\n print('No exception raised - vulnerable')\nexcept ValueError as e:\n print('Exception raised:', e)\n```"}, {'type': 'list_item', 'content': "If the exception 'tile cannot extend outside image' (ValueError) is raised, the Pillow version includes the fix and is not vulnerable."}] [2]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary mitigation step is to upgrade the Pillow library to version 12.1.1 or later, where the vulnerability has been fixed by adding validation to prevent out-of-bounds writes when processing PSD images.'}, {'type': 'paragraph', 'content': "As a temporary workaround before upgrading, you can prevent PSD images from being opened by specifying the 'formats' parameter in the Image.open() function to exclude PSD files."}, {'type': 'list_item', 'content': 'Upgrade Pillow to version 12.1.1 or later.'}, {'type': 'list_item', 'content': 'Avoid processing PSD images with vulnerable Pillow versions by restricting or filtering input formats.'}, {'type': 'list_item', 'content': 'Apply any official patches or updates provided by the Pillow maintainers.'}] [1]

Useful 0 Not Useful 0