—
OSV-2022-715
Segv on unknown address in jpeg_read_scanlines
Details
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50217 https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode
``` Crash type: Segv on unknown address Crash state: jpeg_read_scanlines ImagingJpegDecode _decode ```
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / pillow
Introduced in:
c58d2817bc891c26e6b8098b8909c0eb2e7ce61b Fixed in: 9887544fafcd13cc8afcfa0c6d0f2e6facc1a8b8 Fix
pip install --upgrade 'pillow>=9887544fafcd13cc8afcfa0c6d0f2e6facc1a8b8'