No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 07 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 07 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-1050 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Mon, 06 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Python-pillow
Python-pillow pillow |
|
| Vendors & Products |
Python-pillow
Python-pillow pillow |
Mon, 06 Jul 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0. | |
| Title | Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()` | |
| Weaknesses | CWE-789 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-07T14:08:14.588Z
Reserved: 2026-06-11T18:24:35.096Z
Link: CVE-2026-54060
Updated: 2026-07-07T14:08:07.536Z
No data.
OpenCVE Enrichment
Updated: 2026-07-07T05:45:03Z