First published: Wed May 25 2022(Updated: )
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Python Pillow | =9.1.0 | |
pip/Pillow | =9.1.0 | 9.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for Pillow 9.1.0 is CVE-2022-30595.
The severity of CVE-2022-30595 is critical with a severity score of 9.8.
The affected software for CVE-2022-30595 is Pillow 9.1.0.
CVE-2022-30595 is a heap buffer overflow vulnerability in the processing of invalid TGA image files in Pillow 9.1.0.
To fix CVE-2022-30595, update your Pillow installation to version 9.1.1 or later.