CVE-2022-22815Improper Initialization in Pillow

CWE-665Improper InitializationCWE-908Use of Uninitialized Resource13 documents7 sources
Severity
6.5MEDIUMNVD
OSV7.5
EPSS
0.1%
top 73.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Python PillowDebian Linux
Timeline
PublishedJan 10
Latest updateOct 24

Description

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages4 packages

NVDpython/pillow< 9.0.0
PyPIpython/pillow< 9.0.0
Debianpython/pillow< 8.1.2+dfsg-0.3+deb11u1+3
Ubuntupython/pillow< 5.1.0-1ubuntu0.8+5

Also affects: Debian Linux 10.0, 11.0, 9.0

🔴Vulnerability Details

7
OSV
pillow vulnerability2022-10-24
OSV
pillow vulnerabilities2022-01-17
OSV
pillow vulnerabilities2022-01-13
OSV
Improper Initialization in Pillow2022-01-12
GHSA
Improper Initialization in Pillow2022-01-12

📋Vendor Advisories

5
Ubuntu
Pillow vulnerability2022-10-24
Ubuntu
Pillow vulnerabilities2022-01-17
Ubuntu
Pillow vulnerabilities2022-01-13
Red Hat
python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c2022-01-02
Debian
CVE-2022-22815: pillow - path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.P...2022
CVE-2022-22815 — Improper Initialization in Python | cvebase