https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Bug ID: 2042522 Summary: CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team@redhat.com Reporter: gsuckevi@redhat.com CC: bdettelb@redhat.com, cstratak@redhat.com, epel-packagers-sig@lists.fedoraproject.org, infra-sig@lists.fedoraproject.org, manisandro@gmail.com, miminar@redhat.com, orion@nwra.com, python-maint@redhat.com, python-sig@lists.fedoraproject.org, torsava@redhat.com Target Milestone: --- Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
References: https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae... https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagep...
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |2042523, 2042524, 2042525
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2042523 [Bug 2042523] CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042524 [Bug 2042524] CVE-2022-22816 mingw-python-pillow: python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042525 [Bug 2042525] CVE-2022-22816 python3-pillow: python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
--- Comment #1 from Guilherme de Almeida Suckevicz gsuckevi@redhat.com --- Created mingw-python-pillow tracking bugs for this issue:
Affects: fedora-all [bug 2042524]
Created python-pillow tracking bugs for this issue:
Affects: fedora-all [bug 2042523]
Created python3-pillow tracking bugs for this issue:
Affects: epel-7 [bug 2042525]
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2042533
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Sandipan Roy saroy@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version| |Pillow 9.0.0
--- Doc Text *updated* --- A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, which can lead to a Buffer Over-read and Improper Initialization. This flaw allows an attacker to unauthorized memory access that leads us to memory access errors, incorrect results or crashes,
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Sandipan Roy saroy@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |2048375, 2048374, 2048372, | |2048373, 2048371, 2048376
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com --- A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes.
https://bugzilla.redhat.com/show_bug.cgi?id=2042522 Bug 2042522 depends on bug 2042523, which changed state.
Bug 2042523 Summary: CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042523
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=2042522 Bug 2042522 depends on bug 2042524, which changed state.
Bug 2042524 Summary: CVE-2022-22816 mingw-python-pillow: python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2042524
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Sandipan Roy saroy@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Severity|high |medium Priority|high |medium
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
--- Comment #7 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2022:0609 https://access.redhat.com/errata/RHSA-2022:0609
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2022:0609
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
--- Comment #8 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:0643 https://access.redhat.com/errata/RHSA-2022:0643
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2022:0643
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
--- Comment #9 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
Via RHSA-2022:0669 https://access.redhat.com/errata/RHSA-2022:0669
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2022:0669
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
--- Comment #10 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Extended Update Support
Via RHSA-2022:0665 https://access.redhat.com/errata/RHSA-2022:0665
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2022:0665
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
--- Comment #11 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2022:0667 https://access.redhat.com/errata/RHSA-2022:0667
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2022:0667
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
--- Comment #12 from Product Security DevOps Team prodsec-dev@redhat.com --- This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-22816
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Product Security DevOps Team prodsec-dev@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |ERRATA Status|NEW |CLOSED Last Closed| |2022-03-03 00:20:48
epel-packagers-sig@lists.stg.fedoraproject.org