chore(deps): update dependency pillow to v12.2.0 [security]

renovate-bot commented

2026-04-14 02:02:19 +02:00

Collaborator

This PR contains the following updates:

Package	Change	Age	Confidence
pillow (changelog)	`12.1.1` → `12.2.0`

Pillow has a heap buffer overflow with nested list coordinates

CVE-2026-42309 / GHSA-5xmw-vc9v-4wf2

More information

Details

Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This was introduced in Pillow 11.2.1.

Severity

CVSS Score: 5.1 / 10 (Medium)
Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)

CVE-2026-42311 / GHSA-pwv6-vv43-88gr

More information

Details

Impact

Processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution.

Patches

Patched version: 12.2.0

Pillow 12.1.1 addressed CVE-2026-25990 by adding checks for tile extents in PSD image decoding/encoding to prevent an out-of-bounds write. However, the bounds checks computed tile extent sums using types susceptible to integer overflow, meaning a PSD image with carefully chosen tile dimensions could produce values that wrap around and bypass the checks, still triggering an out-of-bounds write in src/decode.c and src/encode.c. The fix avoids adding extents together before comparison.

Workarounds

Use any version but affected versions: >= 10.3.0, < 12.2.0

Resources

Fix: https://github.com/python-pillow/Pillow/pull/9520
Original issue: CVE-2026-25990 (Pillow 12.1.1)

Severity

CVSS Score: 8.6 / 10 (High)
Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

CVE-2026-42310 / GHSA-r73j-pqj5-w3x7

More information

Details

Impact

An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive.

Patches

Patched version: 12.2.0.

PdfParser (introduced in Pillow 4.2.0) follows Prev pointers in PDF trailers to read cross-reference sections. If a
trailer's Prev pointer references an offset that has already been processed — either pointing to itself or forming a
longer cycle — the parser enters an infinite loop. Pillow now tracks previously processed trailer offsets and raises an
error if a cycle is detected.

Workarounds

Use any version but the affected versions: >= 4.2.0, < 12.2.0

Resources

Fix: https://github.com/python-pillow/Pillow/pull/9519

Severity

CVSS Score: 5.1 / 10 (Medium)
Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

FITS GZIP decompression bomb in Pillow

BIT-pillow-2026-40192 / CVE-2026-40192 / GHSA-whj4-6x5x-4v2j

More information

Details

Impact

Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation).

Patches

The amount of data read is now limited to the necessary amount.
Fixed in Pillow 12.2.0 (PR #9521).

Workarounds

Avoid Pillow >= 10.3.0, < 12.2.0
Only open specific image formats, excluding FITS.

Severity

CVSS Score: 8.7 / 10 (High)
Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Pillow has an integer overflow when processing fonts

CVE-2026-42308 / GHSA-wjx4-4jcj-g98j

More information

Details

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed.

Severity

CVSS Score: 5.1 / 10 (Medium)
Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

python-pillow/Pillow (pillow)

`v12.2.0`

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Update 12.2.0 release notes #9522 [@hugovk]
Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #9482 [@bitplane]
Update Python versions #9515 [@radarhere]
Jeffrey A. Clark -> Jeffrey 'Alex' Clark #9513 [@aclark4life]
Add release notes for #9394, #9419 and #9456 #9467 [@radarhere]
Add Amiga Workbench .info loader to 3rd party plugins list #9459 [@bitplane]
Merge PFM documentation into PPM #9434 [@radarhere]
Update macOS tested Pillow versions #9431 [@radarhere]
Fix CVE number #9430 [@hugovk]

Dependencies

Update xz to 5.8.3 #9523 [@radarhere]
Update libjpeg-turbo to 3.1.4.1 #9507 [@radarhere]
Update libpng to 1.6.56 #9499 [@radarhere]
Update freetype to 2.14.3 #9485 [@radarhere]
Updated libavif to 1.4.1 #9479 [@radarhere]
Updated harfbuzz to 13.2.1 #9461 [@radarhere]
Update Ghostscript to 10.7.0 #9469 [@radarhere]
Update harfbuzz to 13.0.1 #9453 [@radarhere]
Update libavif to 1.4.0 #9460 [@radarhere]
Update freetype to 2.14.2 #9449 [@radarhere]
Update actions/download-artifact action to v8 #9451 [@renovate[bot]]
Updated libpng to 1.6.55 #9425 [@radarhere]

Testing

Cleanup .spider extension in the same test where it is added #9517 [@radarhere]
Run tests in parallel via tox for 3.5x speedup #9516 [@hugovk]
Enable colour in CI logs #9486 [@hugovk]
Update Ghostscript to 10.7.0 #9469 [@radarhere]
Simplify TGA test code #9477 [@radarhere]
Update tests to check for ValueError when encoding an empty image #9464 [@radarhere]
Upgrade CI from macos-15-intel to macos-26-intel #9454 [@hugovk]
Add check-case-conflict hook #9446 [@radarhere]
Specify platform when pulling docker image #9440 [@radarhere]
GHA: Cache libavif and webp builds for Ubuntu #9437 [@hugovk]
Update macOS tested Pillow versions #9431 [@radarhere]

Other changes

Check calloc return value #9527 [@radarhere]
Check all allocs in the Arrow tree #9488 [@wiredfool]
Reject non-numeric elements inside list coords #9526 [@hugovk]
Move variable declaration inside define #9525 [@radarhere]
Resize tall images vertically first #9524 [@radarhere]
Avoid overflow by not adding extents together #9520 [@hugovk]
Use long for glyph position #9518 [@hugovk]
Raise an error if the trailer chain loops back on itself #9519 [@hugovk]
Only read as much data from gzip-decompressed data as necessary #9521 [@hugovk]
Allow None extents in C setimage() #9504 [@radarhere]
Use critical sections to protect FontObject #9498 [@colesbury]
Add ImageText.Text.wrap() to wrap text #9286 [@radarhere]
Always call StubHandler open() when opening StubImageFile #9412 [@radarhere]
Improved BCn overflow check #9043 [@radarhere]
Image will never be None #9512 [@radarhere]
Raise EOFError when seeking too far in PSD #9388 [@radarhere]
Raise error if ImageGrab subprocess gives non-zero returncode #9321 [@radarhere]
Allow for different palette entry sizes when correcting BMP pixel data offset #9472 [@radarhere]
Ignore unspecified extra samples for TIFF separate planar configuration #9514 [@radarhere]
Add PERF to lint and fix findings #9510 [@hugovk]
Switch iOS back to macos-15-intel #9509 [@radarhere]
Catch struct.error #9505 [@radarhere]
Check PyCapsule_GetPointer and PyBytes_FromStringAndSize return values #9508 [@radarhere]
Fix missing null dereference checks #9489 [@wiredfool]
CI: Retry failed downloads #9506 [@hugovk]
Use PyModule_AddObjectRef #9503 [@radarhere]
Release reference to encoder on error #9500 [@radarhere]
Fixed AVIF and WEBP dealloc #9501 [@radarhere]
Check PyType_Ready return values #9502 [@radarhere]
Check if PyObject_CallMethod result is NULL #9494 [@radarhere]
Do not use palette from grayscale or bilevel colorspace when reading JPEG2000 images #9468 [@radarhere]
If TGA v2 extension area specifies no alpha, fill alpha channel #9478 [@radarhere]
Set image pixels individually on 32-bit Windows #9492 [@radarhere]
Add error messages before returning NULL when encoding #9493 [@radarhere]
Fix _getxy refcount leaks #9487 [@hugovk]
Fix invalid test font #9483 [@radarhere]
Add Exif tag "FrameRate" #9470 [@zhiyuanouyang]
Support reading JPEG2000 images with CMYK palettes #9456 [@radarhere]
Simplify setimage() by always passing extents #9395 [@radarhere]
If bitmap buffer is empty, do not render anything #8324 [@radarhere]
Change to ValueError when encoding an empty image #9394 [@radarhere]
Add FontFile.to_imagefont() #9419 [@fjhenigman]
[pre-commit.ci] pre-commit autoupdate #9450 [@pre-commit-ci[bot]]
Use walrus operator #9448 [@radarhere]
Only close file handle in ImagePalette.save() if it was opened internally #9444 [@bysiber]
Fix self.decode typo #9445 [@bysiber]
Fix BMP RLE delta escape reading from wrong file position #9443 [@bysiber]
Correct error check when encoding AVIF images #9442 [@radarhere]
Fix unexpected error when saving zero dimension images #9391 [@radarhere]
Use uppercase format ID for PALM #9435 [@radarhere]

Configuration

📅 Schedule: (UTC)

Branch creation
- ""
Automerge
- At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [pillow](https://github.com/python-pillow/Pillow) ([changelog](https://github.com/python-pillow/Pillow/releases)) | `12.1.1` → `12.2.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/pillow/12.2.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pillow/12.1.1/12.2.0?slim=true) | --- ### Pillow has a heap buffer overflow with nested list coordinates [CVE-2026-42309](https://nvd.nist.gov/vuln/detail/CVE-2026-42309) / [GHSA-5xmw-vc9v-4wf2](https://github.com/advisories/GHSA-5xmw-vc9v-4wf2) <details> <summary>More information</summary> #### Details Passing nested lists as coordinates to APIs that accept coordinates such as `ImagePath.Path`, `ImageDraw.ImageDraw.polygon` and `ImageDraw.ImageDraw.line` could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This was introduced in Pillow 11.2.1. #### Severity - CVSS Score: 5.1 / 10 (Medium) - Vector String: `CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N` #### References - [https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2](https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2) - [https://github.com/python-pillow/Pillow](https://github.com/python-pillow/Pillow) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-5xmw-vc9v-4wf2) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow) [CVE-2026-42311](https://nvd.nist.gov/vuln/detail/CVE-2026-42311) / [GHSA-pwv6-vv43-88gr](https://github.com/advisories/GHSA-pwv6-vv43-88gr) <details> <summary>More information</summary> #### Details ##### Impact Processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. ##### Patches Patched version: 12.2.0 Pillow 12.1.1 addressed CVE-2026-25990 by adding checks for tile extents in PSD image decoding/encoding to prevent an out-of-bounds write. However, the bounds checks computed tile extent sums using types susceptible to integer overflow, meaning a PSD image with carefully chosen tile dimensions could produce values that wrap around and bypass the checks, still triggering an out-of-bounds write in src/decode.c and src/encode.c. The fix avoids adding extents together before comparison. ##### Workarounds Use any version but affected versions: >= 10.3.0, < 12.2.0 ##### Resources - Fix: https://github.com/python-pillow/Pillow/pull/9520 - Original issue: CVE-2026-25990 (Pillow 12.1.1) #### Severity - CVSS Score: 8.6 / 10 (High) - Vector String: `CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N` #### References - [https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc](https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc) - [https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr](https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr) - [https://github.com/python-pillow/Pillow/pull/9520](https://github.com/python-pillow/Pillow/pull/9520) - [https://github.com/python-pillow/Pillow](https://github.com/python-pillow/Pillow) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-pwv6-vv43-88gr) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Pillow has a PDF Parsing Trailer Infinite Loop (DoS) [CVE-2026-42310](https://nvd.nist.gov/vuln/detail/CVE-2026-42310) / [GHSA-r73j-pqj5-w3x7](https://github.com/advisories/GHSA-r73j-pqj5-w3x7) <details> <summary>More information</summary> #### Details ##### Impact An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. ##### Patches Patched version: 12.2.0. PdfParser (introduced in Pillow 4.2.0) follows Prev pointers in PDF trailers to read cross-reference sections. If a trailer's Prev pointer references an offset that has already been processed — either pointing to itself or forming a longer cycle — the parser enters an infinite loop. Pillow now tracks previously processed trailer offsets and raises an error if a cycle is detected. ##### Workarounds Use any version but the affected versions: >= 4.2.0, < 12.2.0 ##### Resources - Fix: https://github.com/python-pillow/Pillow/pull/9519 #### Severity - CVSS Score: 5.1 / 10 (Medium) - Vector String: `CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N` #### References - [https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7](https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7) - [https://github.com/python-pillow/Pillow/pull/9519](https://github.com/python-pillow/Pillow/pull/9519) - [https://github.com/python-pillow/Pillow](https://github.com/python-pillow/Pillow) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-r73j-pqj5-w3x7) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### FITS GZIP decompression bomb in Pillow BIT-pillow-2026-40192 / [CVE-2026-40192](https://nvd.nist.gov/vuln/detail/CVE-2026-40192) / [GHSA-whj4-6x5x-4v2j](https://github.com/advisories/GHSA-whj4-6x5x-4v2j) <details> <summary>More information</summary> #### Details ##### Impact Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). ##### Patches The amount of data read is now limited to the necessary amount. Fixed in Pillow 12.2.0 (PR #9521). ##### Workarounds Avoid Pillow >= 10.3.0, < 12.2.0 Only open [specific image formats](https://pillow.readthedocs.io/en/stable/releasenotes/8.0.0.html#image-open-add-formats-parameter), excluding FITS. #### Severity - CVSS Score: 8.7 / 10 (High) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N` #### References - [https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j](https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j) - [https://nvd.nist.gov/vuln/detail/CVE-2026-40192](https://nvd.nist.gov/vuln/detail/CVE-2026-40192) - [https://github.com/python-pillow/Pillow/pull/9521](https://github.com/python-pillow/Pillow/pull/9521) - [https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628](https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628) - [https://github.com/python-pillow/Pillow](https://github.com/python-pillow/Pillow) - [https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb](https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-whj4-6x5x-4v2j) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Pillow has an integer overflow when processing fonts [CVE-2026-42308](https://nvd.nist.gov/vuln/detail/CVE-2026-42308) / [GHSA-wjx4-4jcj-g98j](https://github.com/advisories/GHSA-wjx4-4jcj-g98j) <details> <summary>More information</summary> #### Details If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed. #### Severity - CVSS Score: 5.1 / 10 (Medium) - Vector String: `CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N` #### References - [https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j](https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j) - [https://github.com/python-pillow/Pillow](https://github.com/python-pillow/Pillow) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-wjx4-4jcj-g98j) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>python-pillow/Pillow (pillow)</summary> ### [`v12.2.0`](https://github.com/python-pillow/Pillow/releases/tag/12.2.0) [Compare Source](https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0) <https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html> #### Documentation - Update 12.2.0 release notes [#9522](https://github.com/python-pillow/Pillow/issues/9522) \[[@hugovk](https://github.com/hugovk)] - Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm [#9482](https://github.com/python-pillow/Pillow/issues/9482) \[[@bitplane](https://github.com/bitplane)] - Update Python versions [#9515](https://github.com/python-pillow/Pillow/issues/9515) \[[@radarhere](https://github.com/radarhere)] - Jeffrey A. Clark -> Jeffrey 'Alex' Clark [#9513](https://github.com/python-pillow/Pillow/issues/9513) \[[@aclark4life](https://github.com/aclark4life)] - Add release notes for [#9394](https://github.com/python-pillow/Pillow/issues/9394), [#9419](https://github.com/python-pillow/Pillow/issues/9419) and [#9456](https://github.com/python-pillow/Pillow/issues/9456) [#9467](https://github.com/python-pillow/Pillow/issues/9467) \[[@radarhere](https://github.com/radarhere)] - Add Amiga Workbench .info loader to 3rd party plugins list [#9459](https://github.com/python-pillow/Pillow/issues/9459) \[[@bitplane](https://github.com/bitplane)] - Merge PFM documentation into PPM [#9434](https://github.com/python-pillow/Pillow/issues/9434) \[[@radarhere](https://github.com/radarhere)] - Update macOS tested Pillow versions [#9431](https://github.com/python-pillow/Pillow/issues/9431) \[[@radarhere](https://github.com/radarhere)] - Fix CVE number [#9430](https://github.com/python-pillow/Pillow/issues/9430) \[[@hugovk](https://github.com/hugovk)] #### Dependencies - Update xz to 5.8.3 [#9523](https://github.com/python-pillow/Pillow/issues/9523) \[[@radarhere](https://github.com/radarhere)] - Update libjpeg-turbo to 3.1.4.1 [#9507](https://github.com/python-pillow/Pillow/issues/9507) \[[@radarhere](https://github.com/radarhere)] - Update libpng to 1.6.56 [#9499](https://github.com/python-pillow/Pillow/issues/9499) \[[@radarhere](https://github.com/radarhere)] - Update freetype to 2.14.3 [#9485](https://github.com/python-pillow/Pillow/issues/9485) \[[@radarhere](https://github.com/radarhere)] - Updated libavif to 1.4.1 [#9479](https://github.com/python-pillow/Pillow/issues/9479) \[[@radarhere](https://github.com/radarhere)] - Updated harfbuzz to 13.2.1 [#9461](https://github.com/python-pillow/Pillow/issues/9461) \[[@radarhere](https://github.com/radarhere)] - Update Ghostscript to 10.7.0 [#9469](https://github.com/python-pillow/Pillow/issues/9469) \[[@radarhere](https://github.com/radarhere)] - Update harfbuzz to 13.0.1 [#9453](https://github.com/python-pillow/Pillow/issues/9453) \[[@radarhere](https://github.com/radarhere)] - Update libavif to 1.4.0 [#9460](https://github.com/python-pillow/Pillow/issues/9460) \[[@radarhere](https://github.com/radarhere)] - Update freetype to 2.14.2 [#9449](https://github.com/python-pillow/Pillow/issues/9449) \[[@radarhere](https://github.com/radarhere)] - Update actions/download-artifact action to v8 [#9451](https://github.com/python-pillow/Pillow/issues/9451) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Updated libpng to 1.6.55 [#9425](https://github.com/python-pillow/Pillow/issues/9425) \[[@radarhere](https://github.com/radarhere)] #### Testing - Cleanup .spider extension in the same test where it is added [#9517](https://github.com/python-pillow/Pillow/issues/9517) \[[@radarhere](https://github.com/radarhere)] - Run tests in parallel via tox for 3.5x speedup [#9516](https://github.com/python-pillow/Pillow/issues/9516) \[[@hugovk](https://github.com/hugovk)] - Enable colour in CI logs [#9486](https://github.com/python-pillow/Pillow/issues/9486) \[[@hugovk](https://github.com/hugovk)] - Update Ghostscript to 10.7.0 [#9469](https://github.com/python-pillow/Pillow/issues/9469) \[[@radarhere](https://github.com/radarhere)] - Simplify TGA test code [#9477](https://github.com/python-pillow/Pillow/issues/9477) \[[@radarhere](https://github.com/radarhere)] - Update tests to check for ValueError when encoding an empty image [#9464](https://github.com/python-pillow/Pillow/issues/9464) \[[@radarhere](https://github.com/radarhere)] - Upgrade CI from `macos-15-intel` to `macos-26-intel` [#9454](https://github.com/python-pillow/Pillow/issues/9454) \[[@hugovk](https://github.com/hugovk)] - Add check-case-conflict hook [#9446](https://github.com/python-pillow/Pillow/issues/9446) \[[@radarhere](https://github.com/radarhere)] - Specify platform when pulling docker image [#9440](https://github.com/python-pillow/Pillow/issues/9440) \[[@radarhere](https://github.com/radarhere)] - GHA: Cache libavif and webp builds for Ubuntu [#9437](https://github.com/python-pillow/Pillow/issues/9437) \[[@hugovk](https://github.com/hugovk)] - Update macOS tested Pillow versions [#9431](https://github.com/python-pillow/Pillow/issues/9431) \[[@radarhere](https://github.com/radarhere)] #### Other changes - Check calloc return value [#9527](https://github.com/python-pillow/Pillow/issues/9527) \[[@radarhere](https://github.com/radarhere)] - Check all allocs in the Arrow tree [#9488](https://github.com/python-pillow/Pillow/issues/9488) \[[@wiredfool](https://github.com/wiredfool)] - Reject non-numeric elements inside list coords [#9526](https://github.com/python-pillow/Pillow/issues/9526) \[[@hugovk](https://github.com/hugovk)] - Move variable declaration inside define [#9525](https://github.com/python-pillow/Pillow/issues/9525) \[[@radarhere](https://github.com/radarhere)] - Resize tall images vertically first [#9524](https://github.com/python-pillow/Pillow/issues/9524) \[[@radarhere](https://github.com/radarhere)] - Avoid overflow by not adding extents together [#9520](https://github.com/python-pillow/Pillow/issues/9520) \[[@hugovk](https://github.com/hugovk)] - Use long for glyph position [#9518](https://github.com/python-pillow/Pillow/issues/9518) \[[@hugovk](https://github.com/hugovk)] - Raise an error if the trailer chain loops back on itself [#9519](https://github.com/python-pillow/Pillow/issues/9519) \[[@hugovk](https://github.com/hugovk)] - Only read as much data from gzip-decompressed data as necessary [#9521](https://github.com/python-pillow/Pillow/issues/9521) \[[@hugovk](https://github.com/hugovk)] - Allow None extents in C setimage() [#9504](https://github.com/python-pillow/Pillow/issues/9504) \[[@radarhere](https://github.com/radarhere)] - Use critical sections to protect FontObject [#9498](https://github.com/python-pillow/Pillow/issues/9498) \[[@colesbury](https://github.com/colesbury)] - Add ImageText.Text.wrap() to wrap text [#9286](https://github.com/python-pillow/Pillow/issues/9286) \[[@radarhere](https://github.com/radarhere)] - Always call StubHandler open() when opening StubImageFile [#9412](https://github.com/python-pillow/Pillow/issues/9412) \[[@radarhere](https://github.com/radarhere)] - Improved BCn overflow check [#9043](https://github.com/python-pillow/Pillow/issues/9043) \[[@radarhere](https://github.com/radarhere)] - Image will never be None [#9512](https://github.com/python-pillow/Pillow/issues/9512) \[[@radarhere](https://github.com/radarhere)] - Raise EOFError when seeking too far in PSD [#9388](https://github.com/python-pillow/Pillow/issues/9388) \[[@radarhere](https://github.com/radarhere)] - Raise error if ImageGrab subprocess gives non-zero returncode [#9321](https://github.com/python-pillow/Pillow/issues/9321) \[[@radarhere](https://github.com/radarhere)] - Allow for different palette entry sizes when correcting BMP pixel data offset [#9472](https://github.com/python-pillow/Pillow/issues/9472) \[[@radarhere](https://github.com/radarhere)] - Ignore unspecified extra samples for TIFF separate planar configuration [#9514](https://github.com/python-pillow/Pillow/issues/9514) \[[@radarhere](https://github.com/radarhere)] - Add PERF to lint and fix findings [#9510](https://github.com/python-pillow/Pillow/issues/9510) \[[@hugovk](https://github.com/hugovk)] - Switch iOS back to macos-15-intel [#9509](https://github.com/python-pillow/Pillow/issues/9509) \[[@radarhere](https://github.com/radarhere)] - Catch struct.error [#9505](https://github.com/python-pillow/Pillow/issues/9505) \[[@radarhere](https://github.com/radarhere)] - Check PyCapsule\_GetPointer and PyBytes\_FromStringAndSize return values [#9508](https://github.com/python-pillow/Pillow/issues/9508) \[[@radarhere](https://github.com/radarhere)] - Fix missing null dereference checks [#9489](https://github.com/python-pillow/Pillow/issues/9489) \[[@wiredfool](https://github.com/wiredfool)] - CI: Retry failed downloads [#9506](https://github.com/python-pillow/Pillow/issues/9506) \[[@hugovk](https://github.com/hugovk)] - Use PyModule\_AddObjectRef [#9503](https://github.com/python-pillow/Pillow/issues/9503) \[[@radarhere](https://github.com/radarhere)] - Release reference to encoder on error [#9500](https://github.com/python-pillow/Pillow/issues/9500) \[[@radarhere](https://github.com/radarhere)] - Fixed AVIF and WEBP dealloc [#9501](https://github.com/python-pillow/Pillow/issues/9501) \[[@radarhere](https://github.com/radarhere)] - Check PyType\_Ready return values [#9502](https://github.com/python-pillow/Pillow/issues/9502) \[[@radarhere](https://github.com/radarhere)] - Check if PyObject\_CallMethod result is NULL [#9494](https://github.com/python-pillow/Pillow/issues/9494) \[[@radarhere](https://github.com/radarhere)] - Do not use palette from grayscale or bilevel colorspace when reading JPEG2000 images [#9468](https://github.com/python-pillow/Pillow/issues/9468) \[[@radarhere](https://github.com/radarhere)] - If TGA v2 extension area specifies no alpha, fill alpha channel [#9478](https://github.com/python-pillow/Pillow/issues/9478) \[[@radarhere](https://github.com/radarhere)] - Set image pixels individually on 32-bit Windows [#9492](https://github.com/python-pillow/Pillow/issues/9492) \[[@radarhere](https://github.com/radarhere)] - Add error messages before returning NULL when encoding [#9493](https://github.com/python-pillow/Pillow/issues/9493) \[[@radarhere](https://github.com/radarhere)] - Fix `_getxy` refcount leaks [#9487](https://github.com/python-pillow/Pillow/issues/9487) \[[@hugovk](https://github.com/hugovk)] - Fix invalid test font [#9483](https://github.com/python-pillow/Pillow/issues/9483) \[[@radarhere](https://github.com/radarhere)] - Add Exif tag "FrameRate" [#9470](https://github.com/python-pillow/Pillow/issues/9470) \[[@zhiyuanouyang](https://github.com/zhiyuanouyang)] - Support reading JPEG2000 images with CMYK palettes [#9456](https://github.com/python-pillow/Pillow/issues/9456) \[[@radarhere](https://github.com/radarhere)] - Simplify `setimage()` by always passing extents [#9395](https://github.com/python-pillow/Pillow/issues/9395) \[[@radarhere](https://github.com/radarhere)] - If bitmap buffer is empty, do not render anything [#8324](https://github.com/python-pillow/Pillow/issues/8324) \[[@radarhere](https://github.com/radarhere)] - Change to ValueError when encoding an empty image [#9394](https://github.com/python-pillow/Pillow/issues/9394) \[[@radarhere](https://github.com/radarhere)] - Add FontFile.to\_imagefont() [#9419](https://github.com/python-pillow/Pillow/issues/9419) \[[@fjhenigman](https://github.com/fjhenigman)] - \[pre-commit.ci] pre-commit autoupdate [#9450](https://github.com/python-pillow/Pillow/issues/9450) \[@[pre-commit-ci\[bot\]](https://github.com/apps/pre-commit-ci)] - Use walrus operator [#9448](https://github.com/python-pillow/Pillow/issues/9448) \[[@radarhere](https://github.com/radarhere)] - Only close file handle in ImagePalette.save() if it was opened internally [#9444](https://github.com/python-pillow/Pillow/issues/9444) \[[@bysiber](https://github.com/bysiber)] - Fix `self.decode` typo [#9445](https://github.com/python-pillow/Pillow/issues/9445) \[[@bysiber](https://github.com/bysiber)] - Fix BMP RLE delta escape reading from wrong file position [#9443](https://github.com/python-pillow/Pillow/issues/9443) \[[@bysiber](https://github.com/bysiber)] - Correct error check when encoding AVIF images [#9442](https://github.com/python-pillow/Pillow/issues/9442) \[[@radarhere](https://github.com/radarhere)] - Fix unexpected error when saving zero dimension images [#9391](https://github.com/python-pillow/Pillow/issues/9391) \[[@radarhere](https://github.com/radarhere)] - Use uppercase format ID for PALM [#9435](https://github.com/python-pillow/Pillow/issues/9435) \[[@radarhere](https://github.com/radarhere)] </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

renovate-bot added 1 commit 2026-04-14 02:02:20 +02:00

chore(deps): update dependency pillow to v12.2.0 [security]

Continuous Integration / Lint, Check & Test (push) Successful in 2m11s

Details

Continuous Integration / Build Package (push) Successful in 50s

Details

bd031ea0a4

renovate-bot scheduled this pull request to auto merge when all checks succeed 2026-04-14 02:02:20 +02:00

Continuous Integration / Lint, Check & Test (push) Successful in 2m11s

Details

Continuous Integration / Build Package (push) Successful in 50s

Details

Build Package

Required

Lint, Check & Test

Required

Some required checks are missing.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/pypi-pillow-vulnerability:renovate/pypi-pillow-vulnerability

git checkout renovate/pypi-pillow-vulnerability

Rows
Columns

chore(deps): update dependency pillow to v12.2.0 [security] #7

Pillow has a heap buffer overflow with nested list coordinates

Details

Severity

References

Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)

Details

Impact

Patches

Workarounds

Resources

Severity

References

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

Details

Impact

Patches

Workarounds

Resources

Severity

References

FITS GZIP decompression bomb in Pillow

Details

Impact

Patches

Workarounds

Severity

References

Pillow has an integer overflow when processing fonts

Details

Severity

References

Release Notes

v12.2.0

Documentation

Dependencies

Testing

Other changes

Configuration

Checkout

`v12.2.0`