CVE-2022-30595Out-of-bounds Write in Pillow

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 34.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Python Pillow
Timeline
PublishedMay 25
Latest updateMay 26

Description

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

PyPIpython/pillow9.1.09.1.1
Debianpython/pillow< 9.1.1-1+2
NVDpython/pillow9.1.0

🔴Vulnerability Details

4
OSV
Buffer over-flow in Pillow2022-05-26
GHSA
Buffer over-flow in Pillow2022-05-26
CVEList
CVE-2022-30595: libImaging/TgaRleDecode2022-05-25
OSV
CVE-2022-30595: libImaging/TgaRleDecode2022-05-25

📋Vendor Advisories

2
Red Hat
python-pillow: heap buffer overflow in crafted TGA file2022-05-17
Debian
CVE-2022-30595: pillow - libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the proc...2022
CVE-2022-30595 — Out-of-bounds Write in Python Pillow | cvebase