High severityNVD Advisory· Published May 25, 2022· Updated Aug 3, 2024
CVE-2022-30595
CVE-2022-30595
Description
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PillowPyPI | >= 9.1.0, < 9.1.1 | 9.1.1 |
Affected products
4- Pillow/Pillowdescription
- osv-coords3 versions
>= 9.1.0, < 9.1.1+ 2 more
- (no CPE)range: >= 9.1.0, < 9.1.1
- (no CPE)range: >= 9.1.0, < 9.1.1
- (no CPE)range: < 9.1.1-1.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-hr8g-f6r6-mr22ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-30595ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-43145.yamlghsaWEB
- github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.cghsax_refsource_MISCWEB
- github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280ghsaWEB
- pillow.readthedocs.io/en/stable/releasenotes/9.1.1.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.