{
  "threat_severity" : "Important",
  "public_date" : "2026-04-15T22:53:56Z",
  "bugzilla" : {
    "description" : "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
    "id" : "2458856",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-409",
  "details" : [ "Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround.", "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24761",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
    "package" : "python3.12-pillow-0:12.2.0-1.el8ap"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24761",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
    "package" : "python3.12-pillow-0:12.2.0-1.el9ap"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24762",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
    "package" : "python3.12-pillow-0:12.2.0-1.el9ap"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 8",
    "release_date" : "2026-06-18T00:00:00Z",
    "advisory" : "RHSA-2026:27076",
    "cpe" : "cpe:/a:redhat:satellite:6.16::el8",
    "package" : "python-pillow-0:12.2.0-1.el8pc"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 8",
    "release_date" : "2026-06-18T00:00:00Z",
    "advisory" : "RHSA-2026:27076",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el8",
    "package" : "python-pillow-0:12.2.0-1.el8pc"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 9",
    "release_date" : "2026-06-18T00:00:00Z",
    "advisory" : "RHSA-2026:27076",
    "cpe" : "cpe:/a:redhat:satellite:6.16::el9",
    "package" : "python-pillow-0:12.2.0-1.el9pc"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 9",
    "release_date" : "2026-06-18T00:00:00Z",
    "advisory" : "RHSA-2026:27076",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el9",
    "package" : "python-pillow-0:12.2.0-1.el9pc"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.3",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16008",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.3::el9",
    "package" : "rhaiis/model-opt-cuda-rhel9:1778244559"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.3",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16009",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.3::el9",
    "package" : "rhaiis/vllm-rocm-rhel9:1778244531"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.3",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16030",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.3::el9",
    "package" : "rhaiis/vllm-cuda-rhel9:1778274666"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.3",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16174",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.3::el9",
    "package" : "rhaiis/vllm-spyre-rhel9:1778244546"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.6",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24866",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
    "package" : "ansible-automation-platform-26/hub-rhel9:1779761061"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.6",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24866",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
    "package" : "ansible-automation-platform-26/lightspeed-chatbot-rhel9:1780102732"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 3.3",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17609",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9",
    "package" : "rhelai3/disk-image-cuda-rhel9:1778690639"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 3.3",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17611",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9",
    "package" : "rhelai3/bootc-aws-cuda-rhel9:1778677633"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 3.3",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17611",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9",
    "package" : "rhelai3/bootc-azure-cuda-rhel9:1778677632"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 3.3",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17611",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9",
    "package" : "rhelai3/bootc-azure-rocm-rhel9:1778677745"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 3.3",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17611",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9",
    "package" : "rhelai3/bootc-cuda-rhel9:1778666122"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 3.3",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17611",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9",
    "package" : "rhelai3/bootc-gcp-cuda-rhel9:1778677632"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI 3.3",
    "release_date" : "2026-05-14T00:00:00Z",
    "advisory" : "RHSA-2026:17611",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3.3::el9",
    "package" : "rhelai3/bootc-rocm-rhel9:1778666124"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:24977",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-caikit-tgis-serving-rhel9:1780388133"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9:1778677779"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9:1778677692"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9:1778262893"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9:1778677701"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9:1778677741"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9:1778677767"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-training-cuda128-torch29-py312-rhel9:1779123334"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-training-rocm64-torch29-py312-rhel9:1778263128"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9:1778782933"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9:1778677718"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9:1778677716"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9:1778263054"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9:1778677734"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9:1778677667"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9:1778677717"
  }, {
    "product_name" : "Red Hat OpenShift AI 3.3",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19712",
    "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9",
    "package" : "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9:1778677722"
  }, {
    "product_name" : "Red Hat Quay 3.1",
    "release_date" : "2026-06-03T00:00:00Z",
    "advisory" : "RHSA-2026:22840",
    "cpe" : "cpe:/a:redhat:quay:3.10::el8",
    "package" : "quay/quay-rhel8:1779822261"
  }, {
    "product_name" : "Red Hat Quay 3.12",
    "release_date" : "2026-06-02T00:00:00Z",
    "advisory" : "RHSA-2026:22629",
    "cpe" : "cpe:/a:redhat:quay:3.12::el8",
    "package" : "quay/quay-rhel8:1779811412"
  }, {
    "product_name" : "Red Hat Quay 3.14",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:21017",
    "cpe" : "cpe:/a:redhat:quay:3.14::el8",
    "package" : "quay/quay-rhel8:1779689392"
  }, {
    "product_name" : "Red Hat Quay 3.15",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24853",
    "cpe" : "cpe:/a:redhat:quay:3.15::el8",
    "package" : "quay/quay-rhel8:1780891395"
  }, {
    "product_name" : "Red Hat Quay 3.16",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19375",
    "cpe" : "cpe:/a:redhat:quay:3.16::el9",
    "package" : "quay/quay-rhel9:1779204086"
  }, {
    "product_name" : "Red Hat Quay 3.17",
    "release_date" : "2026-06-02T00:00:00Z",
    "advisory" : "RHSA-2026:22465",
    "cpe" : "cpe:/a:redhat:quay:3.17::el9",
    "package" : "quay/quay-rhel9:1779922205"
  }, {
    "product_name" : "Red Hat Quay 3.9",
    "release_date" : "2026-06-04T00:00:00Z",
    "advisory" : "RHSA-2026:23361",
    "cpe" : "cpe:/a:redhat:quay:3.9::el8",
    "package" : "quay/quay-rhel8:1779811473"
  } ],
  "package_state" : [ {
    "product_name" : "Lightspeed Core",
    "fix_state" : "Affected",
    "package_name" : "lightspeed-core/rag-tool-rhel9",
    "cpe" : "cpe:/a:redhat:lightspeed_core"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Not affected",
    "package_name" : "openshift-lightspeed/lightspeed-ocp-rag-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Affected",
    "package_name" : "openshift-lightspeed/lightspeed-service-api-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Affected",
    "package_name" : "openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Will not fix",
    "package_name" : "rhaiis/vllm-cpu-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Will not fix",
    "package_name" : "rhaiis/vllm-neuron-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Will not fix",
    "package_name" : "rhaiis/vllm-tpu-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "ansible-automation-platform-25/lightspeed-chatbot-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-caikit-nlp-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-kserve-agent-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-kserve-controller-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-kserve-router-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-kserve-storage-initializer-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-llama-stack-core-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-llm-d-inference-scheduler-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-mlflow-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-openvino-model-server-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-trustyai-nemo-guardrails-server-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-vllm-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-vllm-gaudi-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-vllm-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Affected",
    "package_name" : "satellite:el8/python-pillow",
    "cpe" : "cpe:/a:redhat:satellite:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-40192\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40192\nhttps://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628\nhttps://github.com/python-pillow/Pillow/pull/9521\nhttps://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j\nhttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb" ],
  "name" : "CVE-2026-40192",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}