Bug 2087609 (CVE-2022-30595) - CVE-2022-30595 python-pillow: heap buffer overflow in crafted TGA file
Summary: CVE-2022-30595 python-pillow: heap buffer overflow in crafted TGA file
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-30595
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: low (priority), low (severity)
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2087610 2087611 2087612 2087613
Blocks: 2087614
Reported: 2022-05-18 05:50 UTC by Sandipan Roy
Modified: 2022-07-01 11:36 UTC (History)

Fixed In Version: python-pillow 9.1.1
Doc Type: If docs needed, set a value
Doc Text:
A heap buffer overflow vulnerability was found in python-pillow. It occurs when reading a TGA file containing RLE packets that cross scan lines: Pillow reads the packet data past the end of the first line without deducting those extra bytes from the length of the remaining file data, so later reads run past the end of the buffer.
Clone Of:
Environment:
Last Closed: 2022-06-13 11:50:04 UTC
Embargoed:



Description Sandipan Roy 2022-05-18 05:50:32 UTC
"CVE-2022-30595: When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow."

Introduced in 9.1.0, so only unstable is affected. Please bump to 9.1.1.

https://bugs.gentoo.org/845192

Comment 1 Sandipan Roy 2022-05-18 05:53:28 UTC
Created mingw-python-pillow tracking bugs for this issue:

Affects: fedora-34 [bug 2087611]
Affects: fedora-35 [bug 2087613]


Created python-pillow tracking bugs for this issue:

Affects: fedora-34 [bug 2087612]
Affects: fedora-35 [bug 2087610]

Comment 3 Product Security DevOps Team 2022-06-13 11:50:02 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-30595

