CVE-2026-28231
Received Received - Intake
Integer Overflow in pillow_heif Causes Heap Out-of-Bounds Read

Publication date: 2026-02-27

Last updated on: 2026-03-04

Assigner: GitHub, Inc.

Description
pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of `_pillow_heif.c` allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds read. This can lead to information disclosure (server heap memory leaking into encoded images) or denial of service (process crash). No special configuration is required β€” this triggers under default settings. Version 1.3.0 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-04
Generated
2026-06-16
AI Q&A
2026-02-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-28231
EUVD
EUVD-2026-9061
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bigcat88 pillow-heif to 1.3.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the pillow_heif Python library, which is used for handling HEIF images and acts as a plugin for Pillow. Before version 1.3.0, there is an integer overflow in the encode path buffer validation within the _pillow_heif.c file. This overflow allows an attacker to bypass bounds checks by supplying very large image dimensions.

As a result, this leads to a heap out-of-bounds read, meaning the program reads memory outside the allocated buffer. This can cause sensitive server memory to leak into the encoded images or cause the process to crash.

No special configuration is needed to trigger this vulnerability; it occurs under default settings. The issue was fixed in version 1.3.0 of pillow_heif.

Impact Analysis

This vulnerability can impact you in two main ways:

  • Information disclosure: Sensitive server heap memory may leak into encoded images, potentially exposing confidential data.
  • Denial of service: The process handling the images may crash due to the heap out-of-bounds read, causing service interruptions.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, upgrade the pillow_heif Python library to version 1.3.0 or later, where the integer overflow issue in the encode path buffer validation has been fixed.

No special configuration is required to trigger the vulnerability, so simply updating the library will prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28231. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart