Fredrik Lundh - Security Researcher - Exploit Intelligence Platform

CVE-2022-22815 WRITEUP MEDIUM WRITEUP

Pillow < 9.0.0 - Improper Initialization in ImagePath.Path

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

CVSS 6.5

View Code

CVE-2022-22816 WRITEUP MEDIUM WRITEUP

Pillow < 9.0.0 - Out-of-bounds Read in ImagePath.Path Initialization

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

CVSS 6.5

View Code

CVE-2022-30595 WRITEUP CRITICAL WRITEUP

Pillow 9.1.0 - Heap Buffer Overflow in TGA Image Processing

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

CVSS 9.8

View Code