OSV-2022-1074

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/pillow/OSV-2022-1074.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-1074

Published

2022-10-22T00:00:27.668938Z

Modified

2022-11-09T00:00:27.669183Z

Summary

Invalid-free in _dealloc

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52587

Crash type: Invalid-free
Crash state:
_dealloc
_Py_DECREF
frame_dealloc

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52587

Affected packages

PyPI / pillow

Package

Name: pillow; View open source insights on deps.dev
Purl: pkg:pypi/pillow

Affected ranges

Type: GIT
Repo: https://github.com/python-pillow/Pillow
Events: Introduced

bb2016794f1f9bf9e4726727080e1beb789823fb

Fixed

f7363c1091c70356d92e56abfca6b65bef9e7b26

Affected versions

9.*

9.1.0

9.1.1

9.2.0

Ecosystem specific

{
    "severity": null
}