Description

psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle() raises ValueError which propagated all the way to the user, crashing psd.composite() and psd-tools export. decompress() already had a fallback that replaces failed channels with black pixels when result is None, but it never triggered because the ValueError from decode_rle() was not caught. The fix in version 1.12.2 wraps the decode_rle() call in a try/except so the existing fallback handles the error gracefully.

INFO

Published Date :

2026-02-25T23:57:00.760Z

Last Modified :

2026-02-26T15:17:34.807Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27809 vulnerability.

Vendors Products
Psd-tools
  • Psd-tools
Psd-tools Project
  • Psd-tools
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27809.

URL Resource
https://github.com/psd-tools/psd-tools/commit/6c0a78f195b5942757886a1863793fd5946c1fb1 cve-icon cve-icon
https://github.com/psd-tools/psd-tools/releases/tag/v1.12.2 cve-icon cve-icon
https://github.com/psd-tools/psd-tools/security/advisories/GHSA-24p2-j2jr-386w cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact