A vulnerability identified as problematic has been detected in Pillow up to 12.1.x . Affected is an unknown function. Performing a manipulation results in integer overflow. This vulnerability is reported as CVE-2026-42308 . The attack requires a local approach. No exploit exists. You should upgrade the affected component.