{"url":"http://public2.vulnerablecode.io/api/packages/46007?format=json","purl":"pkg:pypi/pillow@11.3.0","type":"pypi","namespace":"","name":"pillow","version":"11.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"12.2.0","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37317?format=json","vulnerability_id":"VCID-9hza-srk7-sucy","summary":"Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.","references":[{"reference_url":"https://github.com/python-pillow/Pillow/releases/tag/12.2.0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/python-pillow/Pillow/releases/tag/12.2.0"},{"reference_url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50058?format=json","purl":"pkg:pypi/pillow@12.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0"}],"aliases":["CVE-2026-42308","GHSA-wjx4-4jcj-g98j","PYSEC-2026-165"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hza-srk7-sucy"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4831?format=json","vulnerability_id":"VCID-4k44-465x-xuhe","summary":"arbitrary code execution","references":[{"reference_url":"https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/9041","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/python-pillow/Pillow/pull/9041"},{"reference_url":"https://github.com/python-pillow/Pillow/releases/tag/11.3.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/python-pillow/Pillow/releases/tag/11.3.0"},{"reference_url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"},{"reference_url":"https://security.archlinux.org/AVG-2906","reference_id":"AVG-2906","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2906"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46007?format=json","purl":"pkg:pypi/pillow@11.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hza-srk7-sucy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@11.3.0"}],"aliases":["CVE-2025-48379","GHSA-xg8h-j46f-w952","PYSEC-2025-61"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4k44-465x-xuhe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@11.3.0"}