Pillow 4.2.012.2.0 PDF Parser DoS (CPU Exhaustion)
CVE-2026-42310 Published on May 9, 2026

Pillow: PDF Parsing Trailer Infinite Loop (DoS)
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.

NVD

Weakness Type

What is an Infinite Loop Vulnerability?

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.

CVE-2026-42310 has been classified to as an Infinite Loop vulnerability or weakness.

Affected Versions

python-pillow Pillow Version >= 4.2.0, < 12.2.0 is affected by CVE-2026-42310

Pillow 4.2.012.2.0 PDF Parser DoS (CPU Exhaustion)CVE-2026-42310 Published on May 9, 2026

Weakness Type

What is an Infinite Loop Vulnerability?

Affected Versions

Pillow 4.2.012.2.0 PDF Parser DoS (CPU Exhaustion)
CVE-2026-42310 Published on May 9, 2026