12.3.0 (2026-07-01)
Security
Prevent decompression bomb when parsing PDF
When parsing a PDF, PdfStream.decode() attempts to decompress data without any
limit. A default maximum of ImageFile.SAFEBLOCK has been added. PdfParser was
added in Pillow 5.1.0. Reported by redyank.
CVE 2026-55798: WindowsViewer.get_command injection
If an attacker has control over the path passed to
ImageShow.WindowsViewer.get_command(), and the result is executed by the user, the
attacker may be able to execute arbitrary shell commands. Reported by Bin Luo,
University of Electronic Science and Technology of China (luob87709@gmail.com).
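The underlying risk in this entry is a viewer command assembled as one string and then handed to a shell, so that metacharacters in the path become part of the command. The following is an added example, not Pillow's ImageShow code: it contrasts naive string building with an argv list run without a shell and, where a string is unavoidable, proper quoting of the untrusted path. The viewer name `imageviewer` and the helper names are assumptions made for the example; `shlex.quote` produces POSIX-shell quoting, so it is not a substitute for correct quoting on cmd.exe.

```python
import shlex
import subprocess

# Hypothetical viewer executable name (assumption for this example).
VIEWER = "imageviewer"


def validate_path(path: str) -> str:
    """Reject paths containing control characters before they reach any command builder."""
    if any(ord(ch) < 32 for ch in path):
        raise ValueError("control characters are not allowed in a viewer path")
    return path


def build_shell_command_naive(path: str) -> str:
    """Unsafe pattern: the path is pasted into a string with hand-written quotes.

    A double quote inside the path ends the quoted region early, so what was
    meant to be one argument can become several, or spill into new commands.
    """
    return f'{VIEWER} "{path}"'


def build_argv(path: str) -> list[str]:
    """Safe form: an argv list executed without a shell, so the path is always one argument."""
    return [VIEWER, validate_path(path)]


def build_shell_command(path: str) -> str:
    """If a single command string is required, quote the untrusted part for the shell."""
    return f"{VIEWER} {shlex.quote(validate_path(path))}"


def tokens_of(command: str) -> list[str]:
    """Split a command string the way a POSIX shell would, to inspect the result."""
    return shlex.split(command)


def show(path: str) -> int:
    """Launch the viewer via argv, never through a shell; returns the exit status."""
    return subprocess.run(build_argv(path), check=False).returncode


if __name__ == "__main__":
    # Constructed sample path with a space and an embedded quote.
    sample = 'a" "b.png'
    print("naive :", tokens_of(build_shell_command_naive(sample)))
    print("quoted:", tokens_of(build_shell_command(sample)))
    print("argv  :", build_argv(sample))
```

With the constructed path above the naive string splits into two arguments after the viewer name, while the quoted string and the argv list both keep the path intact as a single argument. The same contrast holds for `&`, `|` and `;`, which a shell would otherwise treat as command separators.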
EPS image infinite loop
If a negative byte count is specified for the BeginBinary byte count, an infinite loop is possible as Pillow seeks repeatedly backwards. This value will now be validated. BeginBinary parsing was only added in Pillow 12.0.0. Reported by jiagongzheng-stack.
JPEG2000 image memory usage
The total component width was incorrectly accumulated across tiles within a JPEG2000 image, potentially leading to excessive memory use. This was introduced as part of an earlier security fix in Pillow 8.2.0, but has now been fixed. Reported by Fr3v1.
McIdas out-of-bounds (OOB) read
McIdas images can specify the stride, and if incorrectly set, may cause an OOB read. This has been fixed. Reported by Devansh Shah, RUDRA Cybersecurity Pvt. Ltd.
Out-of-bounds (OOB) read when saving 1 mode TGA images
Saving 1 mode images as TGA with run-length encoding can trigger an OOB read. This was added in Pillow 5.2.0, but the functionality is not possible under the TGA specification, so it has been removed. Reported by Seratov.
Out-of-bounds (OOB) write from large RankFilter sizes
RankFilter, and its subclasses, can potentially write
out-of-bounds if given a large size. This has been fixed. Reported by
Seratov.
Out-of-bounds (OOB) write from Image.paste()
Large paste box dimensions can cause an OOB write in Image.crop(),
Image.paste() and Image.alpha_composite(). This has been fixed. Reported by
Seratov.
Out-of-bounds (OOB) write in ImageCmsTransform
Applying a transform to an image whose mode differs from the transform's mode can
trigger an OOB write in ImageCmsTransform. Errors are now raised if the modes do not
match. Reported by Seratov.
CVE 2026-54059, CVE 2026-54060, CVE 2026-55379: Prevent FontFile decompression bomb
Decompression bomb checks have now been added to FontFile,
and its subclasses, checking the width and height of characters. Reported by Rahul
Singh and Dinesh.
CVE 2026-55380: Prevent GD decompression bomb
A decompression bomb check has been added to GdImageFile.
This format must be explicitly called, though, rather than being accessible from
Image.open(). Reported by Rahul Singh.
API additions
Added scale_down argument to ImageGrab.grab()
grab() now accepts an optional keyword argument of
scale_down. This affects macOS screenshots with a bbox on a Retina screen. By
default, images will be captured at 2x. If scale_down is True, they will be at
1x.
Previously, macOS screenshots with a bbox were captured at 1x by default.
Added max_length argument to PdfStream.decode()
When calling PdfStream.decode(), the maximum length of data to decode can now be
specified. This will default to ImageFile.SAFEBLOCK.
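Both the PDF fix above and the new `max_length` argument come down to the same idea: never let the compressed file alone decide how much memory decoding may consume. The following added example (not Pillow's PdfStream code) shows an unbounded FlateDecode (zlib) decoder beside a bounded one that refuses streams inflating past a cap, and builds a small constructed input that expands roughly a thousandfold to exercise the check. The `SAFEBLOCK` value and the helper names are assumptions for this example, not Pillow's real constant.

```python
import zlib

# Stand-in for a decode cap such as ImageFile.SAFEBLOCK; the value is an
# assumption for this example, not Pillow's actual constant.
SAFEBLOCK = 1024 * 1024  # 1 MiB


class DecompressionBombError(ValueError):
    """Raised when a stream would inflate beyond the allowed size."""


def make_flate(payload: bytes) -> bytes:
    """Compress a payload the way a PDF FlateDecode stream is stored (zlib format)."""
    return zlib.compress(payload, 9)


def make_bomb(inflated_size: int) -> bytes:
    """Constructed test input: a few kilobytes that inflate to inflated_size zero bytes."""
    return make_flate(b"\x00" * inflated_size)


def decode_flate_unbounded(data: bytes) -> bytes:
    """The unsafe pattern: the output size is dictated entirely by the file."""
    return zlib.decompress(data)


def decode_flate_bounded(data: bytes, max_length: int = SAFEBLOCK) -> bytes:
    """Inflate at most max_length bytes; refuse streams that would produce more.

    Asking the decompressor for max_length + 1 bytes detects overflow without
    ever materialising the full output, so a bomb costs at most one extra byte.
    """
    if max_length <= 0:
        raise ValueError("max_length must be positive")
    d = zlib.decompressobj()
    out = d.decompress(data, max_length + 1)
    if len(out) > max_length:
        raise DecompressionBombError(
            f"stream inflates past {max_length} bytes (compressed size {len(data)})"
        )
    if not d.eof:
        # Input ran out before the zlib trailer: truncated or corrupt stream.
        raise ValueError("truncated FlateDecode stream")
    return out


def is_decompression_bomb(data: bytes, max_length: int = SAFEBLOCK) -> bool:
    """True if decoding data under the given cap would be refused as a bomb."""
    try:
        decode_flate_bounded(data, max_length)
    except DecompressionBombError:
        return True
    return False


if __name__ == "__main__":
    bomb = make_bomb(4 * 1024 * 1024)  # constructed: inflates to 4 MiB
    print(f"compressed size: {len(bomb)} bytes")
    print(f"rejected under 1 MiB cap: {is_decompression_bomb(bomb, SAFEBLOCK)}")
    print(f"unbounded decode size: {len(decode_flate_unbounded(bomb))} bytes")
```

The bounded decoder raises a distinct exception type for the cap so callers can tell a hostile stream apart from a merely corrupt one, and the cap is a parameter rather than a hard-coded constant, which is the same shape as the `max_length` argument described above.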
Other changes
Python 3.15 beta
To help other projects prepare for Python 3.15, wheels are now built for the 3.15 beta as a preview. This is not official support for Python 3.15, but rather an opportunity for you to test how Pillow works with the beta and report any problems.
SBOM in wheels
Following PEP 770, the Software Bill-of-Materials (SBOM) has now been embedded into Pillow’s wheels.
Removed Python 3.13 free-threaded wheels
Python 3.13 added an experimental free-threaded mode, and Pillow 11.0.0 added corresponding wheels. Now that Python 3.14 includes official support for it, Pillow has removed wheels for Python 3.13 free-threaded mode.
Performance improvements
A number of changes have been made to optimize the use of C when manipulating images.
This improves the performance of the Image operations alpha_composite, fill, filter,
getchannel, linear_gradient, matrix, merge, negative, putalpha, quantize,
radial_gradient, resample and split, and of ImageChops operations, by up to 5.6 times.