High7.5Red Hat & Ubuntu Linux Updated
Denial of Service via crafted PCF font data
CVE-2026-54059 Published Jul 6, 2026Updated by vendor Jul 6, 2026
CVE-2026-54059
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Denial of Service via crafted PCF font data. Red Hat rates this important (CVSS 7.5). Weakness: CWE-409. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Mitigation checklist
Recommended fix / mitigation
- Do not load PCF fonts from untrusted sources. If PCF font loading is required, validate font file dimensions before passing them to Pillow, or upgrade to Pillow 12.3.0 or later which includes the fix for this vulnerability.
Official advisory · high-confidence parse· fetched 27 minutes ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.