CVE-2026-54060
Undergoing Analysis Undergoing Analysis - In Progress

Memory Exhaustion in Pillow Font Processing

Vulnerability report for CVE-2026-54060, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
python pillow 12.3.0
python pillow to 12.3.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability CVE-2026-54060 in Pillow allows an attacker to cause excessive memory allocation leading to denial-of-service (DoS) or out-of-memory (OOM) crashes. This impacts the availability aspect of systems using the affected Pillow versions.

While the vulnerability primarily affects availability, it does not directly compromise confidentiality or integrity of data. Therefore, its impact on compliance with data protection regulations such as GDPR or HIPAA is indirect and limited to potential service disruptions.

Organizations relying on Pillow for image processing should consider that availability interruptions caused by this vulnerability could affect their ability to meet uptime and service continuity requirements under these regulations.

Mitigation Strategies

The primary mitigation step is to upgrade the Pillow library to version 12.3.0 or later, where this vulnerability is fixed by adding decompression bomb checks to the FontFile classes.

If upgrading immediately is not possible, consider restricting or validating font files processed by your application to prevent processing of fonts with large glyph dimensions that could trigger excessive memory allocation.

Additionally, monitor your systems for unusual memory usage or crashes related to font processing as a temporary measure.

Executive Summary

CVE-2026-54060 is a vulnerability in the Pillow Python imaging library prior to version 12.3.0. The issue occurs in the FontFile.compile() method, which assembles per-glyph images into a combined bitmap without performing a decompression bomb check. This allows an attacker to craft a font file with many large glyphs that, when combined, create an extremely large image, causing excessive memory allocation.

Because the standard decompression bomb guard is bypassed for certain font file classes, this can lead to denial-of-service or out-of-memory crashes when processing malicious font files.

Impact Analysis

This vulnerability can cause excessive memory allocation (around 1.6 GB) when processing specially crafted font files, potentially leading to denial-of-service (DoS) or out-of-memory (OOM) crashes.

An attacker can exploit this without any privileges or user interaction by providing a malicious font file that triggers the vulnerability during image processing.

The impact is primarily on availability, as the application or system using Pillow may become unresponsive or crash due to resource exhaustion.

Detection Guidance

This vulnerability involves the Pillow Python imaging library's FontFile.compile() method, which can be triggered by processing crafted font files with large glyph dimensions. Detection involves identifying usage of vulnerable Pillow versions (prior to 12.3.0) and monitoring for processing of suspicious font files, especially those with many glyphs of large height.

Since the issue is triggered by font files with large glyph sizes, you can detect attempts by scanning for font files with unusually large glyph dimensions or by monitoring application logs for crashes or excessive memory usage related to Pillow's font processing.

There are no specific commands provided in the resources, but general detection steps include:

  • Check the installed Pillow version with Python: `pip show Pillow` or `pip list | grep Pillow` to ensure it is 12.3.0 or later.
  • Monitor application logs for errors or crashes related to font processing.
  • Scan font files for large glyph sizes or unusually large bitmap sizes, possibly by using custom scripts to parse font files and check glyph dimensions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54060. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart