CVE-2022-22815 path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

Because the path array is not fully initialized, parsing crafted input leads to memory corruption, which can result in a denial of service. The fix ships in Pillow 9.0.0; earlier versions are affected.

CVE-2019-15815 In path.c in Pillow before 9.0.0, a crafted ImagePath can cause a buffer overflow when decoding the image data.

CVE-2019-15810 In path.c in Pillow before 9.0.0, there is a potential for a denial of service when decoding certain crafted input.

CVE-2019-15811 In path.c in Pillow before 9.0.0, a crafted input that uses concatenation with a negative length can cause a denial of service.

CVE-2019-15812 In path.c in Pillow before 9.0.0, a crafted input of a type that Pillow doesn't handle can cause a denial of service.

CVE-2019-15813 In path.c in Pillow before 9.0.0, a crafted input that uses a NULL-terminated string can cause a denial of service.

CVE-2019-15814 In path.c in Pillow before 9.0.0, a crafted input can cause a denial of service when decoding certain data.

CVE-2019-15815 In path.c in Pillow before 9.0.0, a crafted input of a type that Pillow handles can cause a buffer overflow.

CVE-2019-15816 In path.c

Potential buffer overflow on input processing

In path.c in Pillow before 9.0.0, decoding certain crafted input can cause a denial of service because the input is larger than the memory allocated for it, so the decoder runs past the end of the allocation.

A second potential denial of service in path.c in Pillow before 9.0.0 comes from an integer overflow while decoding certain crafted input.

#1: The input holds more elements than the array allocated to store them, so the copy runs past the end of the buffer.

#2: The length is close to 0xFFFFFFFF, so the allocation-size arithmetic wraps around to a small value (under 256) and the buffer ends up far smaller than the data written into it.
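To make "improperly initializes" concrete, the following is an added example written for this page; it is not Pillow's path.c and not the project's code. It models the bug class in C: a flattener reserves storage for every input item, writes only the numeric ones, and records the reserved size as the path length, so the bounding-box routine scans memory the caller never supplied. The item, path and function names are assumptions, the inputs are constructed, and a sentinel value stands in for whatever the heap held before; the hardened variant also carries the size-arithmetic guard that covers the wrap-around case in #2.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a coordinate flattener plus bounding-box routine.
 * It is NOT Pillow's path.c; it only reproduces the bug class the advisory
 * describes: storage for the path is reserved for the worst case, only part
 * of it is written, and a later reader trusts the recorded length. */

#define STALE 1e300     /* sentinel standing in for leftover heap contents */

typedef struct {
    int    is_number;   /* 1 if this input item is numeric, 0 otherwise */
    double value;
} item_t;               /* models one element of a Python sequence */

typedef struct {
    double *xy;         /* flat x0,y0,x1,y1,... array */
    size_t  count;      /* number of doubles the reader will scan */
} path_t;

/* Vulnerable pattern. xy is caller-provided storage for n doubles whose
 * previous contents are left in place (like a recycled malloc chunk). Only
 * numeric items are copied, but n, not the number actually written, is
 * recorded as the length, so the tail of the array is never initialised. */
int flatten_vulnerable(const item_t *items, size_t n, double *xy, path_t *out) {
    size_t filled = 0;
    for (size_t i = 0; i < n; i++) {
        if (items[i].is_number) xy[filled++] = items[i].value;
    }
    out->xy = xy;
    out->count = n;     /* BUG: should be 'filled', and odd counts rejected */
    return 0;
}

/* Hardened pattern: validate before writing anything, guard the size
 * arithmetic a real allocator call would do, and record only what was
 * written. On any rejection the caller gets -1 and no path. */
int flatten_hardened(const item_t *items, size_t n, double *xy, path_t *out) {
    if (n == 0 || n > SIZE_MAX / sizeof(double)) return -1; /* empty, or n*sizeof would wrap */
    if (n % 2 != 0) return -1;                     /* wrong number of coordinates */
    for (size_t i = 0; i < n; i++) {
        if (!items[i].is_number) return -1;        /* not a coordinate */
    }
    for (size_t i = 0; i < n; i++) xy[i] = items[i].value;
    out->xy = xy;
    out->count = n;     /* every one of these doubles was just written */
    return 0;
}

/* Bounding box (xmin, ymin, xmax, ymax) over count/2 points.
 * Returns 0 on success, -1 if the path has no complete point. */
int path_getbbox(const path_t *p, double bbox[4]) {
    if (p->count < 2) return -1;
    double xmin = p->xy[0], xmax = p->xy[0];
    double ymin = p->xy[1], ymax = p->xy[1];
    for (size_t i = 2; i + 1 < p->count; i += 2) {
        if (p->xy[i] < xmin) xmin = p->xy[i];
        if (p->xy[i] > xmax) xmax = p->xy[i];
        if (p->xy[i + 1] < ymin) ymin = p->xy[i + 1];
        if (p->xy[i + 1] > ymax) ymax = p->xy[i + 1];
    }
    bbox[0] = xmin; bbox[1] = ymin; bbox[2] = xmax; bbox[3] = ymax;
    return 0;
}

/* Constructed inputs: a valid 2-point path, and a 4-item input whose second
 * half is non-numeric (what passing [10, 20, "a", "b"] would look like). */
const item_t GOOD_ITEMS[4]  = { {1, 10.0}, {1, 20.0}, {1, -5.0}, {1, 7.5} };
const item_t MIXED_ITEMS[4] = { {1, 10.0}, {1, 20.0}, {0, 0.0},  {0, 0.0} };

/* Runs one flattener over `items` on storage pre-filled with STALE and
 * computes the bbox. Returns the flattener's status (or getbbox's);
 * bbox is filled only when the whole chain succeeds. */
int bbox_via(int (*flatten)(const item_t *, size_t, double *, path_t *),
             const item_t *items, size_t n, double bbox[4]) {
    double storage[8];
    for (size_t i = 0; i < 8; i++) storage[i] = STALE;   /* model stale heap */
    path_t p;
    if (n > 8 || flatten(items, n, storage, &p) != 0) return -1;
    return path_getbbox(&p, bbox);
}

int main(void) {
    double bbox[4];
    if (bbox_via(flatten_vulnerable, MIXED_ITEMS, 4, bbox) == 0) {
        /* xmax/ymax come straight from the STALE sentinel: the bbox was
         * computed from memory the caller never supplied. */
        printf("vulnerable: (%g, %g, %g, %g)\n", bbox[0], bbox[1], bbox[2], bbox[3]);
    }
    if (bbox_via(flatten_hardened, MIXED_ITEMS, 4, bbox) != 0) {
        printf("hardened: rejected non-numeric input\n");
    }
    return 0;
}
```

Running it shows the vulnerable chain reporting a bounding box whose maxima are the sentinel, while the hardened flattener refuses the same input before anything is stored. In a real allocator the tail would hold whatever the previous owner of the chunk left there, which is why the symptom ranges from wrong results to a crash rather than a fixed value.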

About Pillow

Pillow is the actively maintained fork of the Python Imaging Library (PIL). It is a 2D image-processing library for opening, converting, drawing on and saving images, implemented in Python with C extension modules; path.c, which implements ImagePath.Path, is one of those modules. It is not an OpenGL or 3D rendering wrapper.
