logo

Database

Asymmetric denial of service In pillow

Description

Segv on unknown address in jpeg_read_scanlines OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50217 https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Crash type: Segv on unknown address
Crash state:
jpeg_read_scanlines
ImagingJpegDecode
_decode

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. OSV-OSV-2022-7152. GCVE-OSV-2022-715

References

1. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50217

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.