{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "9.0.0" }, { "introduced": "0" }, { "last_affected": "9.0" }, { "introduced": "0" }, { "last_affected": "10.0" }, { "introduced": "0" }, { "last_affected": "11.0" } ] }, "events": [ { "introduced": "0" }, { "fixed": "82541b6dec8452cb612067fcebba1c5a1a2bfdc8" }, { "introduced": "0" }, { "last_affected": "82541b6dec8452cb612067fcebba1c5a1a2bfdc8" }, { "introduced": "0" }, { "last_affected": "6e28ed1f36d0eb74053af54e1eddc9c29db698cd" }, { "introduced": "0" }, { "last_affected": "204aae6682fc936f5350b3fe70335776f81480a7" } ], "repo": "https://github.com/python-pillow/pillow", "type": "GIT" } ] } ], "details": "path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.", "id": "CVE-2022-22815", "modified": "2026-04-01T23:10:11.316134074Z", "published": "2022-01-10T14:12:54.423Z", "references": [ { "type": "ADVISORY", "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html" }, { "type": "ADVISORY", "url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling" }, { "type": "ADVISORY", "url": "https://security.gentoo.org/glsa/202211-10" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2022/dsa-5053" }, { "type": "ADVISORY", "url": "https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "type": "CVSS_V3" } ] }