Vulnerability Details CVE-2026-27809
psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle() raises ValueError which propagated all the way to the user, crashing psd.composite() and psd-tools export. decompress() already had a fallback that replaces failed channels with black pixels when result is None, but it never triggered because the ValueError from decode_rle() was not caught. The fix in version 1.12.2 wraps the decode_rle() call in a try/except so the existing fallback handles the error gracefully.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.2%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2026-27809
-
cpe:2.3:a:psd-tools_project:psd-tools:0.1
-
cpe:2.3:a:psd-tools_project:psd-tools:0.1.1
-
cpe:2.3:a:psd-tools_project:psd-tools:0.1.2
-
cpe:2.3:a:psd-tools_project:psd-tools:0.1.3
-
cpe:2.3:a:psd-tools_project:psd-tools:0.1.4
-
cpe:2.3:a:psd-tools_project:psd-tools:0.10
-
cpe:2.3:a:psd-tools_project:psd-tools:0.2
-
cpe:2.3:a:psd-tools_project:psd-tools:0.5
-
cpe:2.3:a:psd-tools_project:psd-tools:0.6
-
cpe:2.3:a:psd-tools_project:psd-tools:0.7
-
cpe:2.3:a:psd-tools_project:psd-tools:0.7.1
-
cpe:2.3:a:psd-tools_project:psd-tools:0.8
-
cpe:2.3:a:psd-tools_project:psd-tools:0.8.1
-
cpe:2.3:a:psd-tools_project:psd-tools:0.8.2
-
cpe:2.3:a:psd-tools_project:psd-tools:0.8.3
-
cpe:2.3:a:psd-tools_project:psd-tools:0.8.4
-
cpe:2.3:a:psd-tools_project:psd-tools:0.9
-
cpe:2.3:a:psd-tools_project:psd-tools:0.9.1
-
cpe:2.3:a:psd-tools_project:psd-tools:1.0
-
cpe:2.3:a:psd-tools_project:psd-tools:1.1
-
cpe:2.3:a:psd-tools_project:psd-tools:1.2
-
cpe:2.3:a:psd-tools_project:psd-tools:1.3
-
cpe:2.3:a:psd-tools_project:psd-tools:1.4
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.10
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.11
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.12
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.14
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.17
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.21
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.25
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.26
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.27
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.28
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.29
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.30
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.31
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.32
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.33
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.34
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.35
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.36
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.38
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.8
-
cpe:2.3:a:psd-tools_project:psd-tools:1.8.9
-
cpe:2.3:a:psd-tools_project:psd-tools:1.9.0
-
cpe:2.3:a:psd-tools_project:psd-tools:1.9.1
-
cpe:2.3:a:psd-tools_project:psd-tools:1.9.2
-
cpe:2.3:a:psd-tools_project:psd-tools:1.9.3
-
cpe:2.3:a:psd-tools_project:psd-tools:1.9.4
-
cpe:2.3:a:psd-tools_project:psd-tools:1.9.5
-
cpe:2.3:a:psd-tools_project:psd-tools:1.9.6
-
cpe:2.3:a:psd-tools_project:psd-tools:1.9.7