{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-09T04:08:10Z",
  "bugzilla" : {
    "description" : "Pillow: Pillow: Denial of Service via specially crafted coordinate input",
    "id" : "2468458",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2468458"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-131",
  "details" : [ "Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0.", "A flaw was found in Pillow, a Python imaging library. A malicious actor could exploit this vulnerability by providing specially crafted nested lists as coordinates to image processing APIs within Pillow. This could lead to a heap buffer overflow, potentially causing a denial of service in applications using the library." ],
  "statement" : "This Moderate impact vulnerability in the Pillow Python imaging library could lead to a denial of service. Applications processing untrusted image data that utilize specific Pillow APIs, such as `ImagePath.Path`, `ImageDraw.ImageDraw.polygon`, or `ImageDraw.ImageDraw.line`, with specially crafted nested list coordinates are susceptible to a heap buffer overflow.",
  "affected_release" : [ {
    "product_name" : "Red Hat AI Inference Server 3.3",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16008",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.3::el9",
    "package" : "rhaiis/model-opt-cuda-rhel9:1778244559"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.3",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16009",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.3::el9",
    "package" : "rhaiis/vllm-rocm-rhel9:1778244531"
  }, {
    "product_name" : "Red Hat AI Inference Server 3.3",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16030",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3.3::el9",
    "package" : "rhaiis/vllm-cuda-rhel9:1778274666"
  } ],
  "package_state" : [ {
    "product_name" : "Exploit Intelligence",
    "fix_state" : "Fix deferred",
    "package_name" : "exploit-intelligence-tech-preview/vulnerability-analysis-rhel9",
    "cpe" : "cpe:/a:redhat:exploit_intelligence:0"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-lightspeed/lightspeed-ocp-rag-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift-lightspeed/lightspeed-service-api-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "Pen Drive Powered by Red Hat Lightspeed",
    "fix_state" : "Fix deferred",
    "package_name" : "pen-drive/pen-drive-scanner-rhel9",
    "cpe" : "cpe:/a:redhat:pdrive_lightspeed:0"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Fix deferred",
    "package_name" : "rhaiis/vllm-cpu-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Fix deferred",
    "package_name" : "rhaiis/vllm-neuron-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Fix deferred",
    "package_name" : "rhaiis/vllm-spyre-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Fix deferred",
    "package_name" : "rhaiis/vllm-tpu-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "ansible-automation-platform-25/lightspeed-chatbot-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "ansible-automation-platform-26/hub-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "ansible-automation-platform-26/lightspeed-chatbot-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "ansible-automation-platform/automation-dashboard-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Fix deferred",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/bootc-aws-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/bootc-azure-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/bootc-azure-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/bootc-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/bootc-gcp-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/bootc-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Fix deferred",
    "package_name" : "rhelai3/disk-image-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-caikit-nlp-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-caikit-tgis-serving-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-kserve-agent-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-kserve-controller-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-kserve-router-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-kserve-storage-initializer-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-llama-stack-core-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-llm-d-inference-scheduler-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-mlflow-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-openvino-model-server-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-training-cuda128-torch29-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-training-rocm64-torch29-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-trustyai-nemo-guardrails-server-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-vllm-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-vllm-gaudi-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-vllm-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Fix deferred",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Fix deferred",
    "package_name" : "quay/quay-rhel9",
    "cpe" : "cpe:/a:redhat:quay:3"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Fix deferred",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/a:redhat:satellite:6"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Fix deferred",
    "package_name" : "satellite-capsule:el8/python-pillow",
    "cpe" : "cpe:/a:redhat:satellite:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-42309\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-42309\nhttps://github.com/python-pillow/Pillow/releases/tag/12.2.0\nhttps://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2" ],
  "name" : "CVE-2026-42309",
  "csaw" : false
}