CVE-2026-27809

{"id": "CVE-2026-27809", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-26T00:16:26.233", "references": [{"url": "https://github.com/psd-tools/psd-tools/commit/6c0a78f195b5942757886a1863793fd5946c1fb1", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/psd-tools/psd-tools/releases/tag/v1.12.2", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/psd-tools/psd-tools/security/advisories/GHSA-24p2-j2jr-386w", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-409"}, {"lang": "en", "value": "CWE-617"}, {"lang": "en", "value": "CWE-704"}, {"lang": "en", "value": "CWE-755"}, {"lang": "en", "value": "CWE-789"}]}], "descriptions": [{"lang": "en", "value": "psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle() raises ValueError which propagated all the way to the user, crashing psd.composite() and psd-tools export. decompress() already had a fallback that replaces failed channels with black pixels when result is None, but it never triggered because the ValueError from decode_rle() was not caught. The fix in version 1.12.2 wraps the decode_rle() call in a try/except so the existing fallback handles the error gracefully."}, {"lang": "es", "value": "psd-tools es un paquete de Python para trabajar con archivos PSD de Adobe Photoshop. Antes de la versi\u00f3n 1.12.2, cuando un archivo PSD contiene datos de imagen comprimidos RLE malformados (por ejemplo, una secuencia literal que se extiende m\u00e1s all\u00e1 del tama\u00f1o de fila esperado), decode_rle() lanza un ValueError que se propagaba hasta el usuario, provocando el fallo de psd.composite() y psd-tools export. decompress() ya ten\u00eda una alternativa que reemplaza los canales fallidos con p\u00edxeles negros cuando el resultado es None, pero nunca se activaba porque el ValueError de decode_rle() no era capturado. La correcci\u00f3n en la versi\u00f3n 1.12.2 envuelve la llamada a decode_rle() en un bloque try/except para que la alternativa existente maneje el error de forma elegante."}], "lastModified": "2026-03-02T18:55:10.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:psd-tools_project:psd-tools:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A84A4E59-9D62-4B75-B39E-58413BDCAAC8", "versionEndExcluding": "1.12.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}