Merge pull request #21 from radarhere/patch-2

OSV-2022-715 vulnerability resolved in Pillow 9.3.0
google · Oct 31, 2022 · 48749c0 · 48749c0
2 parents 67bcc14 + a103047
commit 48749c0
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/vulns/pillow/OSV-2022-715.yaml b/vulns/pillow/OSV-2022-715.yaml
@@ -2,6 +2,7 @@ id: OSV-2022-715
 summary: Segv on unknown address in jpeg_read_scanlines
 details: |
   OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50217
+  https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode
 
   ```
   Crash type: Segv on unknown address
@@ -10,7 +11,7 @@ details: |
   ImagingJpegDecode
   _decode
   ```
-modified: '2022-10-30T00:19:42.793664Z'
+modified: '2022-10-30T22:16:00.000000Z'
 published: '2022-08-15T00:00:50.156496Z'
 references:
 - type: REPORT
@@ -25,11 +26,11 @@ affected:
     repo: https://github.com/python-pillow/Pillow
     events:
     - introduced: c58d2817bc891c26e6b8098b8909c0eb2e7ce61b
+    - fixed: 9887544fafcd13cc8afcfa0c6d0f2e6facc1a8b8
   versions:
   - 9.1.0
   - 9.1.1
   - 9.2.0
-  - 9.3.0
   ecosystem_specific:
     severity: null
 schema_version: 1.3.0