Unused code in FliDecode.c and _imaging.c has SAST security issue #8405
Comments
While this can be thought of as a problem by looking at that C file in isolation, Lines 154 to 156 in 731bcda
Even if you consider just the C decoding process, we have Lines 189 to 192 in 731bcda
Not saying we shouldn't fix it, merely pointing out that it should not occur in our normal operations.
For future reference, please see our security policy on how to report potential security issues: https://github.com/python-pillow/Pillow?tab=security-ov-file#readme
Hello!
According to the comments in _imaging.c there is a number of codecs that must be replaced in PIL 1.2. But PIL development was discontinued 15 years ago.
One of these codecs has a SAST security issue.
`state->xsize` can potentially be equal to zero, which will lead to a division by zero exception in `ImagingFliDecode`. If this code is not used, I suggest removing it.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reporter: Dmitriy Karasovsky ([email protected]).
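As an added example (not Pillow's code and not the lines the issue points at), a hypothetical decoder helper showing the unchecked division next to a hardened version that rejects a zero width before dividing; the `DecoderState` struct, the function names and the error codes are assumptions made for this illustration:

```c
#include <stdint.h>
#include <stddef.h>
#include <limits.h>

/* Hypothetical stand-in for a codec state: only the fields the example needs. */
typedef struct {
    int xsize;   /* image width in pixels  */
    int ysize;   /* image height in pixels */
} DecoderState;

enum { DECODE_OK = 0, DECODE_BAD_SIZE = -1, DECODE_OVERFLOW = -2 };

/* Unchecked form of the risky operation: a byte offset is turned into a row
 * index by dividing by the width. With xsize == 0 this is a division by zero,
 * which is exactly the class of finding a SAST tool flags. */
static int row_from_offset_unchecked(const DecoderState *st, long offset)
{
    return (int)(offset / st->xsize);
}

/* Hardened form: validate the dimensions first, make sure xsize * ysize does
 * not overflow, and only then divide. Callers get an error code, not a crash. */
static int row_from_offset_checked(const DecoderState *st, long offset, int *row)
{
    if (st->xsize <= 0 || st->ysize <= 0)
        return DECODE_BAD_SIZE;            /* zero or negative size: refuse */
    if (st->xsize > INT_MAX / st->ysize)
        return DECODE_OVERFLOW;            /* xsize * ysize would not fit an int */
    long total = (long)st->xsize * (long)st->ysize;
    if (offset < 0 || offset >= total)
        return DECODE_BAD_SIZE;            /* offset outside the image */
    *row = (int)(offset / st->xsize);      /* safe: xsize is now known > 0 */
    return DECODE_OK;
}
```

`row_from_offset_unchecked` is kept only to show the shape of the problem; a decoder should validate its state once, up front, as the checked version does.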