CVE-2022-22816

Summary

CVE	CVE-2022-22816
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-01-10 14:12:00 UTC
Updated	2023-01-31 17:41:00 UTC
Description	path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Python	Pillow	All	All	All	All

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-5053-1 pillow	DEBIAN	www.debian.org
Pillow: Multiple Vulnerabilities (GLSA 202211-10) — Gentoo security	GENTOO	security.gentoo.org
9.0.0 — Pillow (PIL Fork) 9.0.0 documentation	MISC	pillow.readthedocs.io
[SECURITY] [DLA 2893-1] pillow security update	MLIST	lists.debian.org
Pillow/path.c at c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3 · python-pillow/Pillow · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159644 Oracle Enterprise Linux Security Update for python-pillow (ELSA-2022-0643)
159676 Oracle Enterprise Linux Security Update for python-pillow (ELSA-2022-0609)
179015 Debian Security Update for pillow (DSA 5053-1)
179022 Debian Security Update for pillow (DLA 2893-1)
183927 Debian Security Update for pillow (CVE-2022-22816)
198632 Ubuntu Security Notification for Pillow Vulnerabilities (USN-5227-1)
240104 Red Hat Update for python-pillow (RHSA-2022:0609)
240105 Red Hat Update for python-pillow (RHSA-2022:0643)
240109 Red Hat Update for python-pillow (RHSA-2022:0667)
240114 Red Hat Update for python-pillow (RHSA-2022:0665)
257156 CentOS Security Update for python-pillow (CESA-2022:0609)
282334 Fedora Security Update for mingw (FEDORA-2022-a1bc7decc9)
282335 Fedora Security Update for mingw (FEDORA-2022-e4087f9366)
296062 Oracle Solaris 11.4 Support Repository Update (SRU) 43.113.3 Missing (CPUJAN2022)
353267 Amazon Linux Security Advisory for python-pillow : ALAS2-2022-1786
354453 Amazon Linux Security Advisory for python-pillow : ALAS2022-2022-196
355177 Amazon Linux Security Advisory for python-pillow : ALAS2023-2023-057
377242 Alibaba Cloud Linux Security Update for python-pillow (ALINUX2-SA-2022:0014)
377325 Alibaba Cloud Linux Security Update for python-pillow (ALINUX3-SA-2022:0012)
502018 Alpine Linux Security Update for py3-pillow
502343 Alpine Linux Security Update for py3-pillow
671473 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1436)
671476 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1457)
671503 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1514)
671507 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1495)
671547 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1549)
671591 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1583)
671670 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1760)
710682 Gentoo Linux Pillow Multiple Vulnerabilities (GLSA 202211-10)
940457 AlmaLinux Security Update for python-pillow (ALSA-2022:0643)
960856 Rocky Linux Security Update for python-pillow (RLSA-2022:0643)