1194551 – (CVE-2022-22816) VUL-1: CVE-2022-22816: python-Pillow: path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

Bug 1194551 (CVE-2022-22816) - VUL-1: CVE-2022-22816: python-Pillow: path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

Summary: VUL-1: CVE-2022-22816: python-Pillow: path_getbbox in path.c in Pillow before...

Status:	RESOLVED FIXED

Alias:	CVE-2022-22816

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/319807/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-22816:3.3:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2022-01-11 15:43 UTC by Thomas Leroy
Modified:	2024-06-13 12:36 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2022-01-11 15:43:35 UTC

CVE-2022-22816

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during
initialization of ImagePath.Path.

Upstream commit:
https://github.com/python-pillow/Pillow/pull/5920/commits/c48271ab354db49cdbd740bc45e13be4f0f7993c


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22816
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling

Comment 1 Thomas Leroy 2022-01-11 16:47:23 UTC

Affected codesteams:
- SUSE:SLE-12-SP3:Update:Products:Cloud8:Update    4.2.1-3.17.1    
- SUSE:SLE-12-SP4:Update:Products:Cloud9:Update    5.2.0-3.11.1
- openSUSE:Backports:SLE-15-SP3:Update             7.2.0
- openSUSE:Leap:15.3:Update                        7.2.0
- openSUSE:Factory                                 8.4.0

Comment 2 Christian Almeida de Oliveira 2022-04-06 18:52:55 UTC

Please note that SOC 8 is under LTSS, meaning only CVEs with base score higher than 7 are considered to be covered. For this CVE, it is out.

https://build.opensuse.org/request/show/967161 is accepted.

Back to Security team.

Comment 5 Swamp Workflow Management 2022-05-18 19:17:12 UTC

SUSE-SU-2022:1729-1: An update that solves 17 vulnerabilities, contains two features and has one errata is now available.

Category: security (important)
Bug References: 1118088,1179534,1184177,1186380,1189390,1189794,1192070,1192073,1192075,1193597,1193688,1193752,1194521,1194551,1194552,1194952,1194954,1199138
CVE References: CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-38155,CVE-2021-40085,CVE-2021-41182,CVE-2021-41183,CVE-2021-41184,CVE-2021-43813,CVE-2021-43818,CVE-2021-44716,CVE-2022-22815,CVE-2022-22816,CVE-2022-22817,CVE-2022-23451,CVE-2022-23452,CVE-2022-29970
JIRA References: SOC-11620,SOC-11621
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    grafana-6.7.4-3.26.1, openstack-barbican-7.0.1~dev24-3.14.1, openstack-cinder-13.0.10~dev24-3.34.2, openstack-heat-gbp-14.0.1~dev4-3.9.1, openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1, openstack-ironic-11.1.5~dev18-3.28.2, openstack-keystone-14.2.1~dev9-3.28.2, openstack-neutron-13.0.8~dev206-3.40.1, openstack-neutron-gbp-14.0.1~dev33-3.31.1, python-Pillow-5.2.0-3.17.1, python-XStatic-jquery-ui-1.13.0.1-4.3.1, python-lxml-4.2.4-3.3.1, release-notes-suse-openstack-cloud-9.20220413-3.30.1, rubygem-sinatra-1.4.6-4.3.1
SUSE OpenStack Cloud 9 (src):    ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1, grafana-6.7.4-3.26.1, openstack-barbican-7.0.1~dev24-3.14.1, openstack-cinder-13.0.10~dev24-3.34.2, openstack-heat-gbp-14.0.1~dev4-3.9.1, openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1, openstack-ironic-11.1.5~dev18-3.28.2, openstack-keystone-14.2.1~dev9-3.28.2, openstack-neutron-13.0.8~dev206-3.40.1, openstack-neutron-gbp-14.0.1~dev33-3.31.1, python-Pillow-5.2.0-3.17.1, python-XStatic-jquery-ui-1.13.0.1-4.3.1, python-lxml-4.2.4-3.3.1, release-notes-suse-openstack-cloud-9.20220413-3.30.1, venv-openstack-barbican-7.0.1~dev24-3.35.2, venv-openstack-cinder-13.0.10~dev24-3.38.1, venv-openstack-designate-7.0.2~dev2-3.35.1, venv-openstack-glance-17.0.1~dev30-3.33.1, venv-openstack-heat-11.0.4~dev4-3.35.1, venv-openstack-horizon-14.1.1~dev11-4.39.1, venv-openstack-ironic-11.1.5~dev18-4.33.1, venv-openstack-keystone-14.2.1~dev9-3.36.1, venv-openstack-magnum-7.2.1~dev1-4.35.1, venv-openstack-manila-7.4.2~dev60-3.41.1, venv-openstack-monasca-2.7.1~dev10-3.37.1, venv-openstack-monasca-ceilometer-1.8.2~dev3-3.35.1, venv-openstack-neutron-13.0.8~dev206-6.39.1, venv-openstack-nova-18.3.1~dev91-3.39.1, venv-openstack-octavia-3.2.3~dev7-4.35.1, venv-openstack-sahara-9.0.2~dev15-3.35.1, venv-openstack-swift-2.19.2~dev48-2.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 OBSbugzilla Bot 2024-05-16 07:15:03 UTC

This is an autogenerated message for OBS integration:
This bug (1194551) was mentioned in
https://build.opensuse.org/request/show/1174368 Backports:SLE-15-SP5 / python-Pillow

Comment 10 Daniel Garcia 2024-05-16 10:34:12 UTC

openSUSE:Backports:SLE-15-SP4/python-Pillow is not maintained.

Comment 11 Maintenance Automation 2024-05-17 08:30:07 UTC

SUSE-SU-2024:1673-1: An update that solves 12 vulnerabilities can now be installed.

Category: security (critical)
Bug References: 1180833, 1183101, 1183102, 1183103, 1183105, 1183107, 1183108, 1183110, 1188574, 1190229, 1194551, 1194552
CVE References: CVE-2020-35654, CVE-2021-23437, CVE-2021-25289, CVE-2021-25290, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-34552, CVE-2022-22815, CVE-2022-22816
Maintenance Incident: [SUSE:Maintenance:33871](https://smelt.suse.de/incident/33871/)
Sources used:
openSUSE Leap 15.3 (src):
 python-Pillow-7.2.0-150300.3.15.1
openSUSE Leap 15.5 (src):
 python-Pillow-7.2.0-150300.3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Marcus Meissner 2024-05-19 13:04:56 UTC

openSUSE-SU-2024:0132-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1194551,1194552
CVE References: CVE-2022-22815,CVE-2022-22816
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    python-Pillow-8.4.0-bp155.3.6.1

Comment 14 Maintenance Automation 2024-06-13 12:36:34 UTC

SUSE-SU-2024:1673-2: An update that solves 12 vulnerabilities can now be installed.

Category: security (critical)
Bug References: 1180833, 1183101, 1183102, 1183103, 1183105, 1183107, 1183108, 1183110, 1188574, 1190229, 1194551, 1194552
CVE References: CVE-2020-35654, CVE-2021-23437, CVE-2021-25289, CVE-2021-25290, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-34552, CVE-2022-22815, CVE-2022-22816
Maintenance Incident: [SUSE:Maintenance:33871](https://smelt.suse.de/incident/33871/)
Sources used:
SUSE Package Hub 15 15-SP6 (src):
 python-Pillow-7.2.0-150300.3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.