Description
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| pillow | fixed | 12.1.1-1 | | package |
| pillow | not-affected | | bookworm | package |
| pillow | not-affected | | bullseye | package |
Notes
https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
Introduced with fix for https://github.com/python-pillow/Pillow/pull/7706
Introduced with: https://github.com/python-pillow/Pillow/commit/c2907dc04967109391a77eea00f7d583a0a0395f (10.3.0)
Fixed by: https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa (12.1.1)
EPSS
Related vulnerabilities
Pillow affected by out-of-bounds write when loading PSD images