logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

OSV-2022-1074 pillow

Package

Manager: pip
Name: pillow
Vulnerable Version: =9.1.0 || =9.1.1 || =9.2.0 || >=bb2016794f1f9bf9e4726727080e1beb789823fb <f7363c1091c70356d92e56abfca6b65bef9e7b26

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Invalid-free in _dealloc OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52587 ``` Crash type: Invalid-free Crash state: _dealloc _Py_DECREF frame_dealloc ```

Metadata

Created: 2022-10-22T00:00:27.668938Z
Modified: 2022-11-09T00:00:27.669183Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F138
Auto approve: 1