High7.5Red Hat & Ubuntu Linux Updated
Denial of Service via excessive memory allocation when processing font files
CVE-2026-54060 Published Jul 6, 2026Updated by vendor Jul 6, 2026
CVE-2026-54060
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Denial of Service via excessive memory allocation when processing font files. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1050. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Mitigation checklist
Recommended fix / mitigation
- Avoid loading untrusted font files with Pillow. If processing font files from untrusted sources is required, implement application-level resource limits (e.g., cgroups, ulimit) to restrict memory allocation per process. Upgrading to Pillow 12.3.0 or later resolves this issue.
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.