https://bugzilla.redhat.com/show_bug.cgi?id=2087609
Bug ID: 2087609
Summary: CVE-2022-30595 python-pillow: heap buffer overflow in crafted TGA file
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: saroy@redhat.com
CC: epel-packagers-sig@lists.fedoraproject.org, infra-sig@lists.fedoraproject.org, manisandro@gmail.com, miminar@redhat.com, python-sig@lists.fedoraproject.org
Target Milestone: ---
Classification: Other
"CVE-2022-30595: When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow."
Introduced in 9.1.0, so only unstable is affected. Please bump to 9.1.1.
https://bugs.gentoo.org/845192
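To make the accounting problem in the description above concrete, here is an added example of a bounds-checked TGA run-length decoder. It is constructed for this page and is not Pillow's own decoder; the function and class names (decode_tga_rle, scanlines, is_well_formed, TgaDecodeError) and the sample packet streams are assumptions made for the illustration. The point it demonstrates is that because TGA RLE packets may straddle scan lines, every packet has to be charged against the whole remaining image buffer and the whole remaining input, rather than against the current line alone.

```python
# Constructed example of a bounds-checked TGA run-length decoder.
# This is NOT Pillow's decoder; it only illustrates the accounting that the
# CVE-2022-30595 description says was missing: RLE packets may cross scan
# lines, so every packet must be charged against the whole remaining image
# buffer and the whole remaining input, not just the current line.


class TgaDecodeError(ValueError):
    """Raised when the packet stream is truncated or overruns the image."""


def decode_tga_rle(data: bytes, width: int, height: int, bpp: int = 1) -> bytes:
    """Decode TGA run-length encoded pixel data into width*height*bpp bytes.

    Packet layout (TGA spec):
      header byte, bit 7 set   -> run packet: (hdr & 0x7F) + 1 copies of the
                                  single pixel (bpp bytes) that follows
      header byte, bit 7 clear -> raw packet: (hdr & 0x7F) + 1 literal pixels
                                  (that many * bpp bytes) follow
    Packets are allowed to straddle scan-line boundaries, so the output is
    treated as one flat buffer and checked as a whole.
    """
    if width <= 0 or height <= 0 or bpp <= 0:
        raise ValueError("width, height and bpp must be positive")
    total = width * height * bpp          # exact size of the destination buffer
    out = bytearray()
    pos = 0                               # bytes of input consumed so far
    while len(out) < total:
        if pos >= len(data):
            raise TgaDecodeError("truncated input: expected another packet header")
        hdr = data[pos]
        pos += 1
        count = (hdr & 0x7F) + 1          # pixels in this packet, 1..128
        need = count * bpp                # output bytes this packet produces
        # The overrun check is measured against the *remaining image*, so a
        # packet that spills over the end of the current scan line is fine,
        # but one that spills past the last line is rejected.
        if len(out) + need > total:
            raise TgaDecodeError(
                f"packet of {count} pixels would overrun the image buffer "
                f"({total - len(out)} bytes left)")
        if hdr & 0x80:                    # run packet
            if pos + bpp > len(data):
                raise TgaDecodeError("truncated input: run packet missing its pixel")
            out += data[pos:pos + bpp] * count
            pos += bpp
        else:                             # raw packet
            if pos + need > len(data):
                raise TgaDecodeError("truncated input: raw packet shorter than header claims")
            out += data[pos:pos + need]
            pos += need
    return bytes(out)


def scanlines(pixels: bytes, width: int, bpp: int = 1) -> list:
    """Split a decoded flat buffer back into per-line byte strings."""
    stride = width * bpp
    return [pixels[i:i + stride] for i in range(0, len(pixels), stride)]


def is_well_formed(data: bytes, width: int, height: int, bpp: int = 1) -> bool:
    """True if the packet stream decodes to exactly width*height*bpp bytes."""
    try:
        decode_tga_rle(data, width, height, bpp)
        return True
    except TgaDecodeError:
        return False


# Constructed sample: a 4x2 8-bit image whose first packet (a run of 6 pixels)
# crosses from scan line 0 into scan line 1, followed by a raw packet of 2.
SAMPLE_CROSSING = bytes([0x85, 0xAA,          # run: 6 x 0xAA
                         0x01, 0x01, 0x02])   # raw: 0x01, 0x02
# Constructed sample: a run of 9 pixels for the same 8-pixel image; a decoder
# that only checks against the current line would write past the buffer.
SAMPLE_OVERRUN = bytes([0x88, 0xAA])
# Constructed sample: a raw packet that claims 4 pixels but supplies only 2.
SAMPLE_TRUNCATED = bytes([0x03, 0x01, 0x02])

if __name__ == "__main__":
    img = decode_tga_rle(SAMPLE_CROSSING, 4, 2)
    for row in scanlines(img, 4):
        print(row.hex())
    print(is_well_formed(SAMPLE_OVERRUN, 4, 2), is_well_formed(SAMPLE_TRUNCATED, 4, 2))
```

The design choice here is to decode into one flat buffer sized width*height*bpp and never reason per line: a packet that runs past the end of a line is legal and simply continues into the next one, while a packet that runs past the end of the image, or a raw packet whose declared length exceeds the input still available, is rejected before any byte is written. Splitting into scan lines is done only after decoding, once the total size is known to be exact.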
Sandipan Roy saroy@redhat.com changed:
What       |Removed |Added
------------------------------------------------------------
Blocks     |        |2087614
Depends On |        |2087613, 2087612, 2087611, 2087610
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2087610
[Bug 2087610] CVE-2022-30595 python-pillow: heap buffer overflow in crafted TGA file [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2087611
[Bug 2087611] CVE-2022-30595 mingw-python-pillow: python-pillow: heap buffer overflow in crafted TGA file [fedora-34]
https://bugzilla.redhat.com/show_bug.cgi?id=2087612
[Bug 2087612] CVE-2022-30595 python-pillow: heap buffer overflow in crafted TGA file [fedora-34]
https://bugzilla.redhat.com/show_bug.cgi?id=2087613
[Bug 2087613] CVE-2022-30595 mingw-python-pillow: python-pillow: heap buffer overflow in crafted TGA file [fedora-35]
--- Comment #1 from Sandipan Roy saroy@redhat.com ---
Created mingw-python-pillow tracking bugs for this issue:

Affects: fedora-34 [bug 2087611]
Affects: fedora-35 [bug 2087613]
Created python-pillow tracking bugs for this issue:
Affects: fedora-34 [bug 2087612]
Affects: fedora-35 [bug 2087610]
Bug 2087609 depends on bug 2087613, which changed state.

Bug 2087613 Summary: CVE-2022-30595 mingw-python-pillow: python-pillow: heap buffer overflow in crafted TGA file [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2087613

What       |Removed |Added
------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |RAWHIDE
Bug 2087609 depends on bug 2087612, which changed state.

Bug 2087612 Summary: CVE-2022-30595 python-pillow: heap buffer overflow in crafted TGA file [fedora-34]
https://bugzilla.redhat.com/show_bug.cgi?id=2087612

What       |Removed |Added
------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |RAWHIDE
Bug 2087609 depends on bug 2087611, which changed state.

Bug 2087611 Summary: CVE-2022-30595 mingw-python-pillow: python-pillow: heap buffer overflow in crafted TGA file [fedora-34]
https://bugzilla.redhat.com/show_bug.cgi?id=2087611

What       |Removed |Added
------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |RAWHIDE
Bug 2087609 depends on bug 2087610, which changed state.

Bug 2087610 Summary: CVE-2022-30595 python-pillow: heap buffer overflow in crafted TGA file [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2087610

What       |Removed |Added
------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |RAWHIDE
--- Comment #3 from Product Security DevOps Team prodsec-dev@redhat.com ---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-30595
Product Security DevOps Team prodsec-dev@redhat.com changed:
What        |Removed |Added
------------------------------------------------------------
Resolution  |---     |NOTABUG
Status      |NEW     |CLOSED
Last Closed |        |2022-06-13 11:50:04
--- Doc Text *updated* by Sandipan Roy saroy@redhat.com ---
A heap buffer overflow vulnerability was found in python-pillow. This security vulnerability occurs when reading a TGA file with RLE packets that cross scan lines: Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data.
Sandipan Roy saroy@redhat.com changed:
What             |Removed |Added
------------------------------------------------------------
Fixed In Version |        |python-pillow 9.1.1
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com ---
A heap buffer overflow vulnerability was found in python-pillow. This security vulnerability occurs when reading a TGA file with RLE packets that cross scan lines, where Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data.