View all vulnerabilities

CVE-2022-22816

Out-of-bounds Read in Pillow

Description

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
6.4
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Versions
pillow < 9.0.0
Severity
Medium
Medium
Medium
Ecosystem
Python
Publish Date
January 12, 2022
Modified Date
October 14, 2024