PatchSiren

python-pillow CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH python-pillow CVE published 2026-05-09

CVE-2026-42311

CVE-2026-42311 affects Pillow, a Python imaging library, when it processes malicious PSD files. According to the advisory and NVD record, versions from 10.3.0 up to, but not including, 12.2.0 are vulnerable to memory corruption, which can result in a crash or arbitrary code execution. The issue is patched in Pillow 12.2.0.

MEDIUM python-pillow CVE published 2026-05-09

CVE-2026-42310

CVE-2026-42310 affects Pillow, the Python imaging library, in versions from 4.2.0 up to, but not including, 12.2.0. According to the NVD record and the linked GitHub advisory materials, an attacker can supply a malicious PDF that causes the process to hang indefinitely and consume 100% CPU, leaving the application unresponsive. The issue is classified as CWE-835 (loop with unreachable exit condition) and was fixed in Pillow 12.2.0.

MEDIUM python-pillow CVE published 2026-05-09

CVE-2026-42309

CVE-2026-42309 is a medium-severity heap buffer overflow in Pillow's coordinate handling. Nested lists passed to APIs that accept coordinates could be recursively unpacked beyond the allocated buffer. The issue affects Pillow from 11.2.1 up to, but not including, 12.2.0, and is fixed by validating coordinate lists to contain exactly two numeric values.

MEDIUM python-pillow CVE published 2026-05-09

CVE-2026-42308

CVE-2026-42308 is a medium-severity issue in Pillow, the Python imaging library, where excessively large glyph advance values can cause an integer overflow while Pillow tracks the current drawing position. The issue is patched in Pillow 12.2.0. The available source record ties the weakness to CWE-190 (integer overflow or wraparound) and points to the 12.2.0 release and the associated GitHub security advisory.