CVE-2022-22815

Published: 10/01/2022 Updated: 31/01/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

path_getbbox in path.c in Pillow prior to 9.0.0 improperly initializes ImagePath.Path.

Vulnerable Product

python pillow

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

An incomplete fix was discovered in Pillow ...
Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed images are processed. For the oldstable distribution (buster), these problems have been fixed in version 541-2+deb10u3. For the stable distribution (bullseye), these pro ...
A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes (CVE-2022-22815). A flaw was found in python-pillow. The vuln ...
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path ...