{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-40192","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-04-09T20:59:17.620Z","datePublished":"2026-04-15T22:53:56.147Z","dateUpdated":"2026-07-02T12:04:57.152Z"},"containers":{"cna":{"title":"Pillow is vulnerable to a FITS GZIP decompression bomb","problemTypes":[{"descriptions":[{"cweId":"CWE-770","lang":"en","description":"CWE-770: Allocation of Resources Without Limits or Throttling","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-400","lang":"en","description":"CWE-400: Uncontrolled Resource Consumption","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":8.7,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","version":"4.0"}}],"references":[{"name":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j","tags":["x_refsource_CONFIRM"],"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"},{"name":"https://github.com/python-pillow/Pillow/pull/9521","tags":["x_refsource_MISC"],"url":"https://github.com/python-pillow/Pillow/pull/9521"},{"name":"https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628","tags":["x_refsource_MISC"],"url":"https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"},{"name":"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb","tags":["x_refsource_MISC"],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"}],"affected":[{"vendor":"python-pillow","product":"Pillow","versions":[{"version":">= 10.3.0, < 12.2.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-04-15T22:53:56.147Z"},"descriptions":[{"lang":"en","value":"Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround."}],"source":{"advisory":"GHSA-whj4-6x5x-4v2j","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-16T13:37:11.864898Z","id":"CVE-2026-40192","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-16T13:37:19.918Z"}},{"affected":[{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8","cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8","cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_maintenance:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el8"],"defaultStatus":"affected","product":"Red Hat Satellite 6.16 for RHEL 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9","cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9","cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_maintenance:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.16 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9","cpe:/a:redhat:satellite_maintenance:6.17::el9","cpe:/a:redhat:satellite_utils:6.17::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.17 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.18::el9","cpe:/a:redhat:satellite_capsule:6.18::el9","cpe:/a:redhat:satellite_utils:6.18::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.18 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.19::el9","cpe:/a:redhat:satellite_capsule:6.19::el9","cpe:/a:redhat:satellite_maintenance:6.19::el9","cpe:/a:redhat:satellite_utils:6.19::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.19 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"defaultStatus":"affected","product":"Red Hat AI Inference Server 3.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux_ai:3.3::el9"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AI 3.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 2.25","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 3.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.10::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.10","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.12::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.12","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.14::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.15::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.16::el9"],"defaultStatus":"affected","product":"Red Hat Quay 3.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.17::el9"],"defaultStatus":"affected","product":"Red Hat Quay 3.17","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.9::el8"],"defaultStatus":"affected","product":"Red Hat Quay 3.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:lightspeed_core"],"defaultStatus":"affected","product":"Lightspeed Core","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_lightspeed"],"defaultStatus":"affected","product":"OpenShift Lightspeed","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ai_inference_server:3"],"defaultStatus":"affected","product":"Red Hat AI Inference Server","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el10","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"],"defaultStatus":"unaffected","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 10","vendor":"Red Hat"}],"datePublic":"2026-04-15T22:53:56.147Z","descriptions":[{"lang":"en","value":"A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-409","description":"Improper Handling of Highly Compressed Data (Data Amplification)","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-40192"},{"name":"RHBZ#2458856","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458856"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40192.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:27076"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24762"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34366"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34368"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34365"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16008"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16030"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16009"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24866"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17611"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17609"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23361"}],"solutions":[{"lang":"en","value":"RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"},{"lang":"en","value":"RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"},{"lang":"en","value":"RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"},{"lang":"en","value":"RHSA-2026:34366: Red Hat Satellite 6.17 for RHEL 9"},{"lang":"en","value":"RHSA-2026:34368: Red Hat Satellite 6.18 for RHEL 9"},{"lang":"en","value":"RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9"},{"lang":"en","value":"RHSA-2026:16008: Red Hat AI Inference Server 3.3"},{"lang":"en","value":"RHSA-2026:16030: Red Hat AI Inference Server 3.3"},{"lang":"en","value":"RHSA-2026:16009: Red Hat AI Inference Server 3.3"},{"lang":"en","value":"RHSA-2026:16174: Red Hat AI Inference Server 3.3"},{"lang":"en","value":"RHSA-2026:24866: Red Hat Ansible Automation Platform 2.6"},{"lang":"en","value":"RHSA-2026:17611: Red Hat Enterprise Linux AI 3.3"},{"lang":"en","value":"RHSA-2026:17609: Red Hat Enterprise Linux AI 3.3"},{"lang":"en","value":"RHSA-2026:24977: Red Hat OpenShift AI 2.25"},{"lang":"en","value":"RHSA-2026:19712: Red Hat OpenShift AI 3.3"},{"lang":"en","value":"RHSA-2026:22840: Red Hat Quay 3.10"},{"lang":"en","value":"RHSA-2026:22629: Red Hat Quay 3.12"},{"lang":"en","value":"RHSA-2026:21017: Red Hat Quay 3.14"},{"lang":"en","value":"RHSA-2026:24853: Red Hat Quay 3.15"},{"lang":"en","value":"RHSA-2026:19375: Red Hat Quay 3.16"},{"lang":"en","value":"RHSA-2026:22465: Red Hat Quay 3.17"},{"lang":"en","value":"RHSA-2026:23361: Red Hat Quay 3.9"}],"timeline":[{"lang":"en","time":"2026-04-16T00:00:49.590Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-15T22:53:56.147Z","value":"Made public."}],"title":"Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-02T12:04:57.152Z"}}]}}