Cyber Resilience

CVE-2026-28231

Medium · Public PoC

Published: 27 February 2026

Published: 27 February 2026
Modified: 04 March 2026
KEV Added:
Patch:
CVSS Score v4: 5.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0063 (45.6th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-28231 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Bigcat88 Pillow-Heif. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Computer Vision; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-28231 is an integer overflow vulnerability in the encode-path buffer validation within the `_pillow_heif.c` file of the pillow_heif Python library, which handles HEIF images and serves as a plugin for Pillow. Versions prior to 1.3.0 are affected: large image dimensions supplied by an attacker cause the computed buffer size to wrap, so the bounds check passes and a heap out-of-bounds read follows. This issue, tied to CWE-125 (Out-of-bounds Read) and CWE-190 (Integer Overflow or Wraparound), carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) and was published on 2026-02-27.

Any remote attacker can exploit this vulnerability without privileges or user interaction by supplying maliciously crafted image dimensions during the encoding process, which requires no special configuration and triggers under default settings. Successful exploitation results in either information disclosure, where server heap memory leaks into the encoded images, or denial of service via process crash.

The pillow_heif project addresses this in version 1.3.0, available via the release at https://github.com/bigcat88/pillow_heif/releases/tag/v1.3.0. The fixing commit is at https://github.com/bigcat88/pillow_heif/commit/8305a15d3780c533b762578cbe987d27a2c59c7a, and further details are in the security advisory at https://github.com/bigcat88/pillow_heif/security/advisories/GHSA-5gjj-6r7v-ph3x. Security practitioners should update to 1.3.0 or later to mitigate the risk.
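The bug class described above (a size computation that wraps before it is compared against the buffer) and the input-validation control listed under Mitigating Controls are both illustrated by the added example below. It is not pillow_heif's code and makes no claim about how `_pillow_heif.c` actually computes its sizes; the function names, the `bpp` parameter and the `MAX_PIXELS` ceiling are assumptions chosen for the illustration. It places the wrapping form of the check beside a hardened form that refuses any multiplication that would overflow and applies an explicit pixel ceiling before the size is trusted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not pillow_heif's code. Names and limits are assumptions. */

/* Multiply a by b into *out; report false instead of wrapping. */
static bool mul_size_checked(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Weak form: the product is computed in a fixed-width type, so a large
 * width/height pair can wrap to a small number before the comparison.
 * The check then "passes" for a buffer that is far too small. */
bool buffer_ok_wrapping(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t buffer_len) {
    uint32_t needed = width * height * bpp;   /* wraps silently */
    return needed <= buffer_len;
}

/* Hardened form: every multiplication is overflow-checked, zero
 * dimensions are rejected, and a policy ceiling on pixel count rejects
 * absurd dimensions before any buffer size is derived from them. */
#define MAX_PIXELS ((size_t)1 << 30)   /* assumed policy limit */

bool buffer_ok_checked(uint32_t width, uint32_t height, uint32_t bpp,
                       size_t buffer_len) {
    size_t pixels, needed;
    if (width == 0 || height == 0 || bpp == 0) return false;
    if (!mul_size_checked(width, height, &pixels)) return false;
    if (pixels > MAX_PIXELS) return false;
    if (!mul_size_checked(pixels, bpp, &needed)) return false;
    return needed <= buffer_len;
}

int main(void) {
    /* Constructed inputs: a 65536x65536 1-byte-per-pixel image offered
     * a 1 KiB buffer. 65536*65536 is exactly 2^32 and wraps to 0. */
    printf("wrapping check accepts 65536x65536 into 1024 bytes: %d\n",
           buffer_ok_wrapping(65536, 65536, 1, 1024));
    printf("checked  check accepts 65536x65536 into 1024 bytes: %d\n",
           buffer_ok_checked(65536, 65536, 1, 1024));
    /* A realistic 640x480 RGB image with an exactly-sized buffer. */
    printf("checked  check accepts 640x480x3 into 921600 bytes: %d\n",
           buffer_ok_checked(640, 480, 3, 640u * 480u * 3u));
    return 0;
}
```

The hardened check is the shape a reviewer would look for in any native image codec: compute sizes in `size_t`, detect overflow on every multiply, and bound the pixel count independently of the buffer comparison so that the buffer size is never derived from a value that has already wrapped.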

EU & UK References

Vulnerability details

pillow_heif is a Python library for working with HEIF images and a plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of `_pillow_heif.c` allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds read. This can lead to information disclosure (server heap memory leaking into encoded images) or denial of service (process crash). No special configuration is required; this triggers under default settings. Version 1.3.0 fixes the issue.

CWE(s)

AI Security Analysis (AI)

AI Category: Computer Vision
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: pillow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Remote unauthenticated exploitation of the integer overflow / OOB read in a network-reachable image encoding path directly enables T1190 (public-facing application compromise) and T1499.004 (application DoS via crafted input).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-28693 (shared CWE-125, CWE-190)
CVE-2026-40890 (shared CWE-125)
CVE-2026-26264 (shared CWE-125)
CVE-2026-21863 (shared CWE-125)
CVE-2026-33598 (shared CWE-125)
CVE-2026-2588 (shared CWE-190)
CVE-2026-32877 (shared CWE-125)
CVE-2026-4750 (shared CWE-125)
CVE-2026-3622 (shared CWE-125)
CVE-2026-41503 (shared CWE-125)

Affected Assets

bigcat88 / pillow-heif, ≤ 1.3.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly remediates the integer overflow vulnerability by requiring timely updates to pillow_heif version 1.3.0 or later, eliminating the heap out-of-bounds read.

Prevent: Validates image dimensions and other inputs before passing them to the encode path, preventing large values from triggering the buffer validation bypass.

Prevent: Implements memory protections such as ASLR and heap hardening to mitigate the impact of out-of-bounds reads, reducing information disclosure and crash risks.

References