"CVE-2022-30595: When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow."

Introduced in 9.1.0, so only unstable is affected. Please bump to 9.1.1.

https://bugs.gentoo.org/845192
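The accounting problem named in the CVE description, shown as an added example (not Pillow's code and not its 9.1.1 patch): a minimal TGA-style RLE decoder that lets packets cross scan lines and deducts every byte read or written from the remaining input and output lengths. The function name, the sample byte strings and the 2x2, 1-byte-per-pixel image are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode RLE packets into out (width*height*bpp bytes). Packets may cross
 * scan lines, so the limits are the whole image and the whole input, and
 * both positions advance on every read and write.
 * Returns input bytes consumed, or -1 on truncated or oversized data. */
long tga_rle_decode(const uint8_t *in, size_t in_len,
                    uint8_t *out, size_t out_len, size_t bpp)
{
    size_t ip = 0, op = 0;
    if (bpp == 0 || bpp > 4 || out_len % bpp != 0)
        return -1;
    while (op < out_len) {
        if (ip == in_len)
            return -1;                        /* no packet header left */
        uint8_t hdr = in[ip++];
        size_t n = ((size_t)(hdr & 0x7f) + 1) * bpp;  /* bytes produced */
        if (n > out_len - op)
            return -1;                        /* packet overruns the image */
        if (hdr & 0x80) {                     /* run: one pixel repeated */
            if (in_len - ip < bpp)
                return -1;
            for (size_t i = 0; i < n; i += bpp)
                memcpy(out + op + i, in + ip, bpp);
            ip += bpp;
        } else {                              /* raw: n literal bytes */
            if (in_len - ip < n)
                return -1;
            memcpy(out + op, in + ip, n);
            ip += n;
        }
        op += n;
    }
    return (long)ip;
}

/* Constructed inputs for a 2x2 image at 1 byte per pixel (rows of 2 bytes). */
static const uint8_t SAMPLE_OK[] = {0x82, 0xAA, 0x00, 0xBB};  /* run of 3 crosses row 1 */
static const uint8_t SAMPLE_OVERRUN[] = {0x82, 0xAA, 0x01, 0xBB, 0xCC}; /* 5 pixels */
static const uint8_t SAMPLE_TRUNCATED[] = {0x82, 0xAA, 0x00}; /* raw data missing */

int main(void)
{
    uint8_t out[4];
    printf("%ld\n", tga_rle_decode(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out, 1));
    printf("%ld\n", tga_rle_decode(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, out, sizeof out, 1));
    printf("%ld\n", tga_rle_decode(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, out, sizeof out, 1));
    return 0;
}
```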
Created mingw-python-pillow tracking bugs for this issue:
Affects: fedora-34 [bug 2087611]
Affects: fedora-35 [bug 2087613]

Created python-pillow tracking bugs for this issue:
Affects: fedora-34 [bug 2087612]
Affects: fedora-35 [bug 2087610]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-30595