CVE-2026-55379
Undergoing Analysis Undergoing Analysis - In Progress

Memory Exhaustion in Pillow via BDF Font Parsing

Vulnerability report for CVE-2026-55379, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow's documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
python pillow 12.3.0
python pillow to 12.3.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-55379 is a vulnerability in the Python Pillow imaging library (versions up to 12.2.0) that allows an attacker to bypass the library's decompression bomb protection when loading malicious BDF (Bitmap Distribution Format) font files.

The issue occurs in the bdf_char() function of the BdfFontFile.py file, where the BBX width and height dimensions from a BDF font file are passed directly to the Image.new() method without calling the _decompression_bomb_check() method. This bypasses the normal protection that limits image sizes to prevent excessive memory allocation.

An attacker can craft a BDF font file with very large BBX dimensions (for example, 20,000 by 20,000 pixels) which causes the library to allocate a large amount of memory silently. This can be further amplified by including multiple large glyphs in a single font file, leading to very high memory consumption.

Impact Analysis

This vulnerability can lead to excessive memory allocation when loading specially crafted BDF font files, potentially causing denial of service (DoS) conditions due to resource exhaustion.

Services or applications that load BDF fonts from untrusted sources, such as using ImageFont.load("user.bdf") or BdfFontFile(fp), are at risk of being exploited to consume large amounts of memory, which can degrade performance or crash the application.

Because the allocated glyph images persist in memory for the lifetime of the font object, the impact can be long-lasting until garbage collection occurs.

Detection Guidance

This vulnerability can be detected by monitoring for the loading of BDF font files with unusually large BBX dimensions in applications using the Pillow library (versions ≀ 12.2.0). Specifically, look for usage of ImageFont.load("user.bdf") or BdfFontFile(fp) where the font files come from untrusted sources.

Since the vulnerability involves excessive memory allocation triggered by large BBX width and height values, detection can include monitoring for processes consuming unexpectedly high memory when loading BDF fonts.

There are no specific built-in Pillow commands to detect this vulnerability, but you can use system commands to identify suspicious memory usage or inspect BDF font files for large BBX dimensions.

  • Use commands like `ps aux --sort=-rss | head` on Linux to identify processes with high memory usage.
  • Inspect BDF font files manually or with scripts to check BBX width and height fields for unusually large values (e.g., greater than typical font sizes, such as 20,000x20,000 pixels).
  • Monitor application logs or add debugging to detect calls to ImageFont.load() or BdfFontFile() with suspicious font files.
Mitigation Strategies

The immediate mitigation step is to upgrade the Pillow library to version 12.3.0 or later, where this vulnerability is fixed.

Until an upgrade is possible, avoid loading BDF font files from untrusted or unauthenticated sources, especially those that could contain large BBX dimensions.

Implement input validation or filtering on BDF font files before loading them with Pillow to ensure BBX dimensions are within safe limits.

Monitor memory usage of applications using Pillow to detect abnormal spikes that could indicate exploitation attempts.

Compliance Impact

The vulnerability in Pillow allows excessive memory allocation by bypassing decompression bomb protection when loading malicious BDF font files. This can lead to denial-of-service conditions due to high memory consumption.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the potential for denial-of-service or resource exhaustion could indirectly impact availability requirements under these regulations.

However, there is no direct information provided about how this vulnerability affects compliance with data protection or privacy regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55379. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart