Pillow vulnerabilities
Published: Mon, 08 Jun 2026 12:43
Summary
Several security issues were fixed in Pillow.
Details
It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2026-42308)

It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-42309)

It was discovered that Pillow incorrectly handled certain malformed PDF files. An attacker could possibly use this issue to cause Pillow to use excessive resources, leading to a denial of service. (CVE-2026-42310)

It was discovered that Pillow incorrectly handled certain malformed PSD files. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service, or to execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-42311)
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu jammy
pillow → 9.0.1-1ubuntu0.4 (apt_upgrade): Standard apt upgrade. Install 9.0.1-1ubuntu0.4 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y pillow
Most apt upgrades restart their service automatically. needrestart lists anything else.

python-pil-doc → 9.0.1-1ubuntu0.4 (apt_upgrade): Standard apt upgrade. Install 9.0.1-1ubuntu0.4 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python-pil-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.

python3-pil → 9.0.1-1ubuntu0.4 (apt_upgrade): Standard apt upgrade. Install 9.0.1-1ubuntu0.4 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python3-pil
Most apt upgrades restart their service automatically. needrestart lists anything else.

python3-pil.imagetk → 9.0.1-1ubuntu0.4 (apt_upgrade): Standard apt upgrade. Install 9.0.1-1ubuntu0.4 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python3-pil.imagetk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
pillow → 10.2.0-1ubuntu1.2 (apt_upgrade): Standard apt upgrade. Install 10.2.0-1ubuntu1.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y pillow
Most apt upgrades restart their service automatically. needrestart lists anything else.

python-pil-doc → 10.2.0-1ubuntu1.2 (apt_upgrade): Standard apt upgrade. Install 10.2.0-1ubuntu1.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python-pil-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.

python3-pil → 10.2.0-1ubuntu1.2 (apt_upgrade): Standard apt upgrade. Install 10.2.0-1ubuntu1.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python3-pil
Most apt upgrades restart their service automatically. needrestart lists anything else.

python3-pil.imagetk → 10.2.0-1ubuntu1.2 (apt_upgrade): Standard apt upgrade. Install 10.2.0-1ubuntu1.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python3-pil.imagetk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu questing
pillow → 11.3.0-1ubuntu1.3 (apt_upgrade): Standard apt upgrade. Install 11.3.0-1ubuntu1.3 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y pillow
Most apt upgrades restart their service automatically. needrestart lists anything else.

python-pil-doc → 11.3.0-1ubuntu1.3 (apt_upgrade): Standard apt upgrade. Install 11.3.0-1ubuntu1.3 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python-pil-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.

python3-pil → 11.3.0-1ubuntu1.3 (apt_upgrade): Standard apt upgrade. Install 11.3.0-1ubuntu1.3 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python3-pil
Most apt upgrades restart their service automatically. needrestart lists anything else.

python3-pil.imagetk → 11.3.0-1ubuntu1.3 (apt_upgrade): Standard apt upgrade. Install 11.3.0-1ubuntu1.3 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python3-pil.imagetk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu resolute
pillow → 12.1.1-2ubuntu1.2 (apt_upgrade): Standard apt upgrade. Install 12.1.1-2ubuntu1.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y pillow
Most apt upgrades restart their service automatically. needrestart lists anything else.

python-pil-doc → 12.1.1-2ubuntu1.2 (apt_upgrade): Standard apt upgrade. Install 12.1.1-2ubuntu1.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python-pil-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.

python3-pil → 12.1.1-2ubuntu1.2 (apt_upgrade): Standard apt upgrade. Install 12.1.1-2ubuntu1.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python3-pil
Most apt upgrades restart their service automatically. needrestart lists anything else.

python3-pil.imagetk → 12.1.1-2ubuntu1.2 (apt_upgrade): Standard apt upgrade. Install 12.1.1-2ubuntu1.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y python3-pil.imagetk
Most apt upgrades restart their service automatically. needrestart lists anything else.
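An added offline check, not part of the advisory or of StackPatch: given the release codename and the installed python3-pil version, it reports whether the fixed version listed above is present. The dpkg-style comparison is a reimplementation (assumed to match dpkg --compare-versions for these version strings, including epochs and the "~" pre-release marker); the dpkg-query and /etc/os-release helpers run only when the script is executed directly.

```python
import re
import subprocess

# Fixed python3-pil versions per Ubuntu codename, as listed in this advisory.
FIXED = {"jammy": "9.0.1-1ubuntu0.4", "noble": "10.2.0-1ubuntu1.2",
         "questing": "11.3.0-1ubuntu1.3", "resolute": "12.1.1-2ubuntu1.2"}

def _order(c):
    # dpkg ordering for non-digit characters: '~' < end of string < letters < other symbols
    if c == "~": return -1
    if c == "": return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_nondigit(x, y):
    for i in range(max(len(x), len(y))):
        d = _order(x[i] if i < len(x) else "") - _order(y[i] if i < len(y) else "")
        if d: return d
    return 0

def _cmp_fragment(a, b):
    # Alternate between non-digit runs (dpkg lexical order) and digit runs (numeric).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        if (d := _cmp_nondigit(na, nb)): return d
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if (d := int(da or 0) - int(db or 0)): return d
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-")
    return (int(epoch), rest, "") if not upstream else (int(epoch), upstream, revision)

def compare_versions(a, b):
    """Negative, zero or positive, in the sense of dpkg --compare-versions."""
    ea, ua, ra = _split(a); eb, ub, rb = _split(b)
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def status(codename, installed):
    """'fixed', 'vulnerable', 'not-installed' or 'unknown' (release not in this advisory)."""
    if installed is None: return "not-installed"
    fixed = FIXED.get(codename)
    if fixed is None: return "unknown"
    return "fixed" if compare_versions(installed, fixed) >= 0 else "vulnerable"

if __name__ == "__main__":
    r = subprocess.run(["dpkg-query", "-W", "-f=${Version}", "python3-pil"], capture_output=True, text=True)
    os_release = dict(l.strip().split("=", 1) for l in open("/etc/os-release") if "=" in l)
    print(status(os_release.get("VERSION_CODENAME", "").strip('"'), r.stdout.strip() if r.returncode == 0 else None))
```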
Are YOU affected by USN-8399-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8399-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash