OSV-2022-715

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/pillow/OSV-2022-715.yaml

Published

2022-08-15T00:00:50.156496Z

Modified

2022-10-30T22:16:00Z

Summary

Segv on unknown address in jpeg_read_scanlines

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50217 https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Crash type: Segv on unknown address
Crash state:
jpeg_read_scanlines
ImagingJpegDecode
_decode

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50217

Affected packages

PyPI / pillow

Package

Name: pillow

Affected ranges

Type: GIT
Repo: https://github.com/python-pillow/Pillow
Events: Introduced

c58d2817bc891c26e6b8098b8909c0eb2e7ce61b

Fixed

9887544fafcd13cc8afcfa0c6d0f2e6facc1a8b8

Affected versions

9.*

9.1.0

9.1.1

9.2.0

Ecosystem specific

{
    "severity": null
}