ByteOS Network

psd-tools

Source -

CNANVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-27809

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.04% / 11.96%

7 Day CHG~0.00%

Published-25 Feb, 2026 | 23:57

Updated-27 Feb, 2026 | 14:06

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle() raises ValueError which propagated all the way to the user, crashing psd.composite() and psd-tools export. decompress() already had a fallback that replaces failed channels with black pixels when result is None, but it never triggered because the ValueError from decode_rle() was not caught. The fix in version 1.12.2 wraps the decode_rle() call in a try/except so the existing fallback handles the error gracefully.

Vendor-psd-tools

Product-psd-tools

CWE ID-CWE-190

Integer Overflow or Wraparound

CWE ID-CWE-409

Improper Handling of Highly Compressed Data (Data Amplification)

CWE ID-CWE-617

Reachable Assertion

CWE ID-CWE-704

Incorrect Type Conversion or Cast

CWE ID-CWE-755

Improper Handling of Exceptional Conditions