https://bugzilla.redhat.com/show_bug.cgi?id=2087609
Bug ID: 2087609
Summary: CVE-2022-30595 python-pillow: heap buffer overflow in crafted TGA file
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: saroy(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
python-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Other
"CVE-2022-30595: When reading a TGA file with RLE packets that cross scan
lines, Pillow reads the information past the end of the first line without
deducting that from the length of the remaining file data. This vulnerability
was introduced in Pillow 9.1.0, and can cause a heap buffer overflow."
Introduced in 9.1.0, so only unstable is affected. Please bump to 9.1.1.
https://bugs.gentoo.org/845192
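As an added illustration, not part of the bug report and not Pillow's code (Pillow's real TGA RLE decoder is C, in libImaging/TgaRleDecode.c), the following simplified Python model shows the accounting error the advisory describes: a literal packet that spills past the end of a scan line is read in full, but the spilled bytes are never deducted from the decoder's count of remaining input, so on a truncated file the decoder keeps reading past the end of the file data. Pixel depth is fixed at 1 byte, the function names and the `fixed` switch are this example's own, and the "adjacent heap memory" and sample file are constructed here.

```python
# Added example for this page: a simplified model of a TGA RLE scan-line
# decoder (1 byte per pixel) that can reproduce the "spilled bytes not
# deducted" bookkeeping error described in the advisory. Not Pillow's code.

# Constructed stand-in for whatever sits after the file buffer on the heap.
HEAP_PADDING = bytes([0x81, 0xEE]) * 8


def decode_tga_rle(data: bytes, width: int, height: int, fixed: bool = True):
    """Decode 8-bit TGA RLE packets into `height` rows of `width` bytes.

    Packets may cross scan lines: pixels left over when a row fills up are
    carried into the next row. With fixed=False, only the part of a literal
    packet that landed on the first line is deducted from `remaining`, so
    the decoder's idea of how much input is left drifts above the truth.
    """
    heap = data + HEAP_PADDING   # only heap[:len(data)] is legitimately ours
    remaining = len(data)        # the decoder's own bookkeeping of input left
    pos = 0
    rows = []
    row = bytearray(width)
    x = 0

    while len(rows) < height:
        if remaining < 1:
            raise ValueError("truncated input: no packet header left")
        header = heap[pos]
        count = (header & 0x7F) + 1      # pixels described by this packet
        is_run = bool(header & 0x80)
        if is_run:
            # Run-length packet: header byte + one pixel value.
            if remaining < 2:
                raise ValueError("truncated run packet")
            pixels = bytes([heap[pos + 1]]) * count
            consumed = 2
        else:
            # Literal packet: header byte + `count` pixel bytes.
            if remaining < 1 + count:
                raise ValueError("truncated literal packet")
            pixels = bytes(heap[pos + 1 : pos + 1 + count])
            consumed = 1 + count

        # Pixels that do not fit on the current line and spill into later ones.
        spilled = max(0, count - (width - x))

        # Place the pixels, wrapping onto new rows as lines fill up.
        offset = 0
        while offset < count and len(rows) < height:
            n = min(count - offset, width - x)
            row[x : x + n] = pixels[offset : offset + n]
            x += n
            offset += n
            if x == width:
                rows.append(bytes(row))
                row = bytearray(width)
                x = 0

        pos += consumed
        if fixed or is_run:
            remaining -= consumed
        else:
            # BUG modelled here: the literal bytes read for the spilled pixels
            # are consumed but not subtracted from the remaining-input count.
            remaining -= consumed - spilled
    return rows


# Constructed 4x2 image: one 6-pixel literal packet crossing from row 0 into
# row 1, then EOF. Row 1 is left two pixels short, so the file is truncated.
SAMPLE_FILE = bytes([0x05, 1, 2, 3, 4, 5, 6])

# Constructed well-formed variant: the same literal followed by a 2-pixel run.
SAMPLE_FILE_OK = SAMPLE_FILE + bytes([0x81, 9])


def demo():
    """Return (rows from the buggy decoder, error raised by the fixed one)."""
    buggy_rows = decode_tga_rle(SAMPLE_FILE, 4, 2, fixed=False)
    try:
        decode_tga_rle(SAMPLE_FILE, 4, 2, fixed=True)
        fixed_error = None
    except ValueError as exc:
        fixed_error = str(exc)
    return buggy_rows, fixed_error


if __name__ == "__main__":
    rows, err = demo()
    print("buggy decoder produced:", [r.hex() for r in rows])
    print("fixed decoder raised:", err)
```

On the truncated sample the buggy decoder believes two bytes of input remain after the crossing packet, reads the 0x81 0xEE bytes from the padding as a run packet, and returns an image whose second row ends in bytes that were never part of the file; in the real decoder that read lands outside the input allocation. The fixed accounting leaves `remaining` at zero and rejects the file as truncated. On the well-formed variant both decoders agree, which is why the bug only surfaces on a crafted input.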