@pillow@fosstodon.org
@PythonPillow
Pillow 9.1.1 is out with security fixes:
1. CVE-2022-30595 could cause a heap buffer overflow when reading TGA files with RLE packets that cross scan lines.
2. A decompression bomb check could be bypassed by opening an image with zero or negative height.
https://pillow.readthedocs.io/en/latest/releasenotes/9.1.1.html
17/05/2022, 21:59:03
Favs: 3
Retweets: 3