Summary
Pillow 12.1.1 and 12.2.0 bundle libtiff 4.7.1 in pillow.libs/, which contains the vulnerable code from CVE-2026-4775 — a signed integer overflow in putcontig8bitYCbCr44tile (and related functions) in tif_getimage.c that can cause an out-of-bounds heap write via a specially crafted TIFF file, potentially resulting in denial of service or arbitrary code execution.
Proof
1. Pillow bundles its own libtiff and ignores the system library
$ python -c "from PIL import features; print(features.version('libtiff'))"
4.7.1
$ ldd /usr/local/lib/python3.11/site-packages/PIL/*.so | grep tiff
libtiff-76d51d59.so.6.2.0 => .../site-packages/pillow.libs/libtiff-76d51d59.so.6.2.0
2. The official libtiff 4.7.1 tarball contains the vulnerable code
Downloaded directly from https://download.osgeo.org/libtiff/tiff-4.7.1.tar.gz and checked libtiff/tif_getimage.c:
2219: int32_t incr = 3 * w + 4 * toskew; ← vulnerable
2359: int32_t incr = 2 * toskew + w; ← vulnerable
2515: int32_t incr = 2 * toskew + w; ← vulnerable
3. The fix postdates the 4.7.1 release
The upstream fix is commit 782a11d6, authored February 22, 2026 — after 4.7.1 shipped. The Debian security team also describes their fix as a "backport", confirming it was not present in upstream 4.7.1.
The fix changes int32_t to const tmsize_t with explicit casts to prevent overflow:
- int32_t incr = 3 * w + 4 * toskew;
+ const tmsize_t incr = 3 * (tmsize_t)w + 4 * (tmsize_t)toskew;
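Review bot: the widening has to happen before the multiplication, which this hunk does by casting w and toskew to tmsize_t individually; a wrapper cast such as `(tmsize_t)(3 * w + 4 * toskew)` would still evaluate the product in int32_t and only widen the already-wrapped result. The same treatment is needed at the two other sites listed above (2359 and 2515, `int32_t incr = 2 * toskew + w;`), which this excerpt does not show, so a reader applying the "three-line patch" by hand should cast both operands there as well.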
Impact
Any application using Pillow to open untrusted TIFF files is exposed. Image.open() on a crafted TIFF file triggers the vulnerable code path in the bundled libtiff. Upgrading the system libtiff package does not help — Pillow loads its own copy from pillow.libs/ regardless.
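To check an environment for the exposure described above, here is an added audit script (not Pillow's or the reporter's code); it assumes the manylinux wheel layout shown in the proof (pillow.libs/libtiff-<hash>.so.<ver>) and that PIL.features.version('libtiff') reports the vendored copy's version:

```python
# Added example (not Pillow's code): audit a site-packages tree for a Pillow wheel
# that vendors libtiff <= 4.7.1. Assumes the manylinux layout quoted above:
# <site-packages>/pillow.libs/libtiff-<hash>.so.<ver>, and that
# PIL.features.version('libtiff') reports the vendored copy's version.
import os
import re

# Last libtiff release that still carries the unfixed tif_getimage.c code.
LAST_VULNERABLE = (4, 7, 1)

def parse_version(text):
    """'4.7.1' -> (4, 7, 1); anything after the third number (e.g. 'rc1') is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised libtiff version: {text!r}")
    return tuple(int(x) for x in m.groups())

def version_is_vulnerable(text):
    """True when the reported libtiff version is 4.7.1 or older."""
    return parse_version(text) <= LAST_VULNERABLE

def vendored_libtiff_names(names):
    """Filter a pillow.libs/ directory listing down to the libtiff shared object(s)."""
    return sorted(n for n in names if n.startswith("libtiff-") and ".so" in n)

def find_vendored_libtiff(site_packages):
    """Paths of libtiff copies under pillow.libs/, or [] if Pillow links the system lib."""
    libs = os.path.join(site_packages, "pillow.libs")
    if not os.path.isdir(libs):
        return []
    return [os.path.join(libs, n) for n in vendored_libtiff_names(os.listdir(libs))]

def audit(site_packages, reported_version):
    """Flag the case in this report: a vendored libtiff whose version is <= 4.7.1.

    Caveat: a wheel rebuilt from post-4.7.1 libtiff main (the suggested fix) may still
    report '4.7.1', so a flag means "check the Pillow release notes", not "unpatched".
    """
    vendored = find_vendored_libtiff(site_packages)
    return {
        "vendored": vendored,
        "version": reported_version,
        "flagged": bool(vendored) and version_is_vulnerable(reported_version),
    }

if __name__ == "__main__":
    import sysconfig
    from PIL import features  # needed only for the live check, not for the helpers above
    print(audit(sysconfig.get_paths()["purelib"], features.version("libtiff")))
```

Run it inside the interpreter whose Pillow you want to audit; a result with a non-empty "vendored" list confirms that upgrading the system libtiff package alone does not change what Image.open() loads.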
Suggested Fix
Update the vendored libtiff to a commit that includes 782a11d6 (i.e., post-4.7.1 main branch), or apply the three-line patch to the vendored copy before the next wheel build.
References