[Snyk:High] Out-of-bounds Write Pillow - due (03/27/2026)

### Overview
Affected versions of this package are vulnerable to Out-of-bounds Write in the _setimage() functions in encode.c and decode.c, which are exploitable via Image.open(). An attacker can execute arbitrary code by supplying a malicious PSD image file.

https://app.snyk.io/vuln/SNYK-PYTHON-PILLOW-15265439

### Security information
Factors contributing to the scoring:
Snyk: [CVSS v4.0 8.5](https://security.snyk.io/vuln/SNYK-PYTHON-PILLOW-15265439) - High Severity | [CVSS v3.1 7.8](https://security.snyk.io/vuln/SNYK-PYTHON-PILLOW-15265439) - High Severity
NVD: Not available. NVD has not yet published its analysis.
[Why are the scores different? Learn how Snyk evaluates vulnerability scores](https://docs.snyk.io/features/fixing-and-prioritizing-issues/issue-management/severity-levels#understanding-snyks-vulnerability-analysis)

### Action item:
- [ ]   upgrade pillow to version 12.1.1 or higher

### Completion criteria:
- [ ] The pillow package has been updated, and the Snyk vulnerability has been remediated.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk:High] Out-of-bounds Write Pillow - due (03/27/2026) #6982

Overview

Security information

Action item:

Completion criteria:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Snyk:High] Out-of-bounds Write Pillow - due (03/27/2026) #6982

Description

Overview

Security information

Action item:

Completion criteria:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions