Improper Initialization in ImagePath Handling in Pillow by Python
CVE-2022-22815

6.5MEDIUM

Key Information:

Vendor: Python
Status: Pillow
Vendor: CVE Published:; 10 January 2022

What is CVE-2022-22815?

An improper initialization issue was identified in the ImagePath.Path handling within the Pillow library, specifically in the path_getbbox function. This flaw affects versions prior to 9.0.0 and could lead to unexpected behavior during image processing. Users of older versions are advised to upgrade to ensure their applications remain secure.

References

https://pillow.readthedocs.io/en/stable/releasenotes/9.0....

https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e...

https://lists.debian.org/debian-lts-announce/2022/01/msg0...

mailing-list

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2022
Vulnerability Reserved
Jan 7, 2022