| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 11.2.1 | >=10.3.0,<12.2.0 | Affected versions of the pillow package are vulnerable to Out-of-bounds Write due to an integer overflow in PSD tile extent bounds checks that allows attacker-controlled tile dimensions to bypass validation in PSD image decoding and encoding. The bounds checks added in Pillow 12.1.1 to address CVE-2026-25990 use narrow integer types prone to wraparound, so a PSD image with carefully chosen tile dimensions can produce values that wrap around and pass validation while still exceeding the underlying buffer in src/decode.c and src/encode.c. A remote attacker who supplies a malicious PSD file can trigger memory corruption, potentially resulting in a crash or arbitrary code execution. |
| Pillow | 11.2.1 | <12.2.0 | Affected versions of the pillow package are vulnerable to Integer Overflow due to unchecked accumulation of glyph advance values while tracking the current rendering position during font processing. When a font supplies an excessively large advance for each glyph, the running position counter wraps around because the arithmetic is performed in a fixed-width integer type that cannot represent the resulting magnitude. A remote attacker who can supply a crafted font file to a target that uses Pillow's font rendering can trigger the overflow, leading to incorrect memory calculations and potential memory corruption. |
| Pillow | 11.2.1 | >=11.2.1,<12.2.0 | Affected versions of the pillow package are vulnerable to a heap-based buffer overflow due to insufficient validation of coordinate input passed to drawing APIs. Passing nested lists as coordinates to ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line causes the nested lists to be recursively unpacked beyond the allocated buffer, since coordinate lists were not validated to contain exactly two numeric values. An attacker who can control the coordinate input supplied to these APIs can trigger an out-of-bounds heap write, resulting in memory corruption and potentially impacting the availability of the affected process. |
| Pillow | 11.2.1 | >=4.2.0,<12.2.0 | Affected versions of the pillow package are vulnerable to Denial of Service due to an unbounded loop when traversing PDF cross-reference trailer chains without cycle detection. The PdfParser module follows Prev pointers in PDF trailers to read cross-reference sections, but it does not track previously processed offsets, so a trailer whose Prev pointer references its own offset or forms a longer cycle causes the parser to loop indefinitely. A remote attacker who supplies a crafted PDF document can cause the parsing process to hang, consuming 100% CPU and rendering the consuming application unresponsive. |
| Pillow | 11.2.1 | >=10.3.0,<12.2.0 | Affected versions of the pillow package are vulnerable to Denial of Service due to unrestricted GZIP-compressed data consumption during FITS image decoding. The FITS image plugin does not limit the amount of GZIP-compressed data read when processing a FITS file, allowing unbounded memory allocation. An attacker can supply a specially crafted FITS file containing a GZIP decompression bomb, causing an out-of-memory crash or severe performance degradation. |
| Pillow | 11.2.1 | >=10.3.0,<12.1.1 | Affected versions of the Pillow package are vulnerable to an Out-of-bounds Write issue due to insufficient validation of tile extents when decoding PSD image data. When Image.open() loads a PSD and the decoder paths in src/decode.c and src/encode.c process tile offsets and sizes, negative xoff/yoff values (and related invalid extents) can bypass the expected bounds checks and lead to writes outside the intended image buffer. |
| Pillow | 11.2.1 | >=11.2.1,<11.3.0 | Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for the DDS format was added. |