{"id":"OSV-2022-715","summary":"Segv on unknown address in jpeg_read_scanlines","details":"OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50217\nhttps://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode\n\n```\nCrash type: Segv on unknown address\nCrash state:\njpeg_read_scanlines\nImagingJpegDecode\n_decode\n```\n","modified":"2022-10-30T22:16:00Z","published":"2022-08-15T00:00:50.156496Z","references":[{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50217"}],"affected":[{"package":{"name":"pillow","ecosystem":"PyPI","purl":"pkg:pypi/pillow"},"ranges":[{"type":"GIT","repo":"https://github.com/python-pillow/Pillow","events":[{"introduced":"c58d2817bc891c26e6b8098b8909c0eb2e7ce61b"},{"fixed":"9887544fafcd13cc8afcfa0c6d0f2e6facc1a8b8"}]}],"versions":["9.1.0","9.1.1","9.2.0"],"ecosystem_specific":{"severity":null},"database_specific":{"source":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/pillow/OSV-2022-715.yaml"}}],"schema_version":"1.7.3"}