CVE-2026-28231
Published: 27 February 2026
Summary
CVE-2026-28231 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Bigcat88 Pillow-Heif. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Computer Vision; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-28231 is an integer overflow vulnerability in the encode path buffer validation within the `_pillow_heif.c` file of the pillow_heif Python library, which handles HEIF images and serves as a plugin for Pillow. Versions prior to 1.3.0 are affected, where large image dimensions provided by an attacker can bypass bounds checks, triggering a heap out-of-bounds read. This issue, tied to CWE-125 (Out-of-bounds Read) and CWE-190 (Integer Overflow or Wraparound), carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) and was published on 2026-02-27.
Any remote attacker can exploit this vulnerability without privileges or user interaction by supplying maliciously crafted image dimensions during the encoding process, which requires no special configuration and triggers under default settings. Successful exploitation results in either information disclosure, where server heap memory leaks into the encoded images, or denial of service via process crash.
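As an added illustration of the bug class described above and of the input-validation control (SI-10) this page recommends, here is a hypothetical pixel-buffer size check in 32-bit arithmetic beside an overflow-checked form. This is not pillow_heif's code; the function names, the pixel ceiling and the sample dimensions are all assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed defender-chosen ceiling on pixel count; not a pillow_heif value. */
#define MAX_PIXELS ((size_t)1 << 30)

/* Hypothetical weak check: the expected buffer size is computed in 32-bit
 * unsigned arithmetic, so very large dimensions wrap around to a small
 * number and the "size fits" comparison passes. The encoder would then read
 * far past the end of the caller's buffer (a heap out-of-bounds read). */
bool naive_buffer_ok(int width, int height, int bpp, size_t buffer_len) {
    uint32_t expected = (uint32_t)width * (uint32_t)height * (uint32_t)bpp;
    return expected <= buffer_len;
}

/* Overflow-checked multiply: fails instead of wrapping. */
static bool mul_size_checked(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Hardened check: rejects non-positive dimensions, refuses any product that
 * would overflow size_t, applies an explicit pixel ceiling, and requires the
 * buffer to be exactly the size the dimensions imply. */
bool checked_buffer_ok(int width, int height, int bpp, size_t buffer_len) {
    size_t pixels, expected;
    if (width <= 0 || height <= 0 || bpp <= 0) return false;
    if (!mul_size_checked((size_t)width, (size_t)height, &pixels)) return false;
    if (pixels > MAX_PIXELS) return false;
    if (!mul_size_checked(pixels, (size_t)bpp, &expected)) return false;
    return expected == buffer_len;
}

int main(void) {
    /* Constructed case: 65536 x 65537 x 1 byte needs just over 4 GiB, but the
     * 32-bit product wraps to 65536, so a 64 KiB buffer "passes" the weak check. */
    size_t small_buffer = 65536;
    printf("naive:   %s\n", naive_buffer_ok(65536, 65537, 1, small_buffer) ? "accepted" : "rejected");
    printf("checked: %s\n", checked_buffer_ok(65536, 65537, 1, small_buffer) ? "accepted" : "rejected");
    printf("640x480x3 with 921600-byte buffer, checked: %s\n",
           checked_buffer_ok(640, 480, 3, 921600) ? "accepted" : "rejected");
    return 0;
}
```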
The pillow_heif project addresses this in version 1.3.0, available via the release at https://github.com/bigcat88/pillow_heif/releases/tag/v1.3.0. The fixing commit is at https://github.com/bigcat88/pillow_heif/commit/8305a15d3780c533b762578cbe987d27a2c59c7a, and further details are in the security advisory at https://github.com/bigcat88/pillow_heif/security/advisories/GHSA-5gjj-6r7v-ph3x. Security practitioners should update to 1.3.0 or later to mitigate the risk.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9061
Vulnerability details
pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of `_pillow_heif.c` allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds read. This can lead to information disclosure (server heap memory leaking into encoded images) or denial of service (process crash). No special configuration is required — this triggers under default settings. Version 1.3.0 fixes the issue.
- CWE(s): CWE-125 (Out-of-bounds Read), CWE-190 (Integer Overflow or Wraparound)
AI Security Analysis
- AI Category: Computer Vision
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: pillow
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated exploitation of the integer overflow / OOB read in a network-reachable image encoding path directly enables T1190 (public-facing application compromise) and T1499.004 (application DoS via crafted input).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the integer overflow vulnerability by requiring timely updates to pillow_heif version 1.3.0 or later, eliminating the heap out-of-bounds read.
- SI-10 (Information Input Validation): Validates image dimensions and other inputs before passing them to the encode path, preventing large values from triggering the buffer validation bypass.
- Memory protections such as ASLR and heap hardening mitigate the impact of out-of-bounds reads, reducing information disclosure and crash risks.