CVE-2022-22815

Improper Initialization in Pillow

Pillow is the friendly PIL (Python Imaging Library) fork. `path_getbbox` in `path.c` in Pillow before 9.0.0 improperly initializes `ImagePath.Path`.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

Score: 6.4
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Versions: pillow < 9.0.0
Severity: Medium
Ecosystem: Python
Publish Date: January 12, 2022
Modified Date: October 14, 2024