{"id":"MGASA-2023-0164","summary":"Updated python-pillow packages fix security vulnerability","details":"libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in\nthe processing of invalid TGA image files. (CVE-2022-30595)\nImproper Handling of Highly Compressed GIF Data (Data Amplification).\n(CVE-2022-45198)\n","modified":"2026-04-16T00:11:18.445740567Z","published":"2023-05-16T19:17:40Z","upstream":["CVE-2022-30595","CVE-2022-45198"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0164.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31019"},{"type":"WEB","url":"https://github.com/python-pillow/Pillow/releases/tag/9.1.1"}],"affected":[{"package":{"name":"python-pillow","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python-pillow?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.2.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0164.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}