Ubuntu 26.04 Pillow Critical Denial of Service Vulnerabilities USN-8399-1

ubuntu

June 8, 2026

Several security issues were fixed in Pillow.

Summary

Several security issues were fixed in Pillow.

Software Description:

- pillow: Python Imaging Library

Details:

It was discovered that Pillow incorrectly handled large glyph advance

values in fonts. An attacker could possibly use this issue to cause Pillow

to crash, resulting in a denial of service. (CVE-2026-42308)

It was discovered that Pillow incorrectly handled nested coordinate lists

in certain APIs. An attacker could possibly use this issue to cause Pillow

to crash, resulting in a denial of service. This issue only affected Ubuntu

25.10 and Ubuntu 26.04 LTS. (CVE-2026-42309)

It was discovered that Pillow incorrectly handled certain malformed PDF

files. An attacker could possibly use this issue to cause Pillow to use

excessive resources, leading to a denial of service. (CVE-2026-42310)

It was discovered that Pillow incorrectly handled certain malformed PSD

files. An attacker could possibly use this issue to cause Pillow to crash,

resulting in a denial of service, or to exe...

Read the Full Advisory

Topics Covered

security advisory denial of service critical Ubuntu vulnerability pillow

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  python3-pil                     12.1.1-2ubuntu1.2

Ubuntu 25.10
  python3-pil                     11.3.0-1ubuntu1.3

Ubuntu 24.04 LTS
  python3-pil                     10.2.0-1ubuntu1.2

Ubuntu 22.04 LTS
  python3-pil                     9.0.1-1ubuntu0.4

In general, a standard system update will make all the necessary changes.