Fix integer overflow in quantize_pngquant() by myagmartseren · Pull Request #9474 · python-pillow/Pillow
and others added 2 commits, March 19, 2026 16:52

- Add overflow check for width * height before malloc() to prevent heap buffer overflow when the product exceeds UINT_MAX
- Use size_t for total_pixels to ensure correct arithmetic on 64-bit
- Replace sprintf with snprintf (consistent with CVE-2024-28219 fix)

Security: CWE-190 (Integer Overflow) -> CWE-122 (Heap Buffer Overflow)
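The dimension check the commit message describes, as an added C example that is not Pillow's code or the PR's diff: the unchecked width * height computation that silently wraps, beside a hardened version that rejects overflow before any allocation. BYTES_PER_PIXEL and the function names are assumptions made for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 4   /* RGBA; constructed value for this example */

/* Unchecked form: unsigned arithmetic silently wraps modulo 2^32, so the
 * later malloc() is far too small for the pixels that get written. */
unsigned int unchecked_pixel_count(unsigned int width, unsigned int height)
{
    return width * height;   /* 65536 * 65536 wraps to 0 */
}

/* Hardened form: reject non-positive dimensions, refuse a product that
 * would wrap a size_t, and keep the result within UINT_MAX. Returns 0 on
 * rejection; a valid count is never 0 since both dimensions are positive. */
size_t checked_pixel_count(int width, int height)
{
    if (width <= 0 || height <= 0)
        return 0;
    size_t w = (size_t)width, h = (size_t)height;
    if (w > SIZE_MAX / h)        /* only reachable with a 32-bit size_t */
        return 0;
    size_t total = w * h;
    if (total > UINT_MAX)        /* the limit the fix enforces */
        return 0;
    return total;
}

/* Allocate only after the check passes; calloc() also guards the
 * total * BYTES_PER_PIXEL multiplication. */
unsigned char *alloc_pixel_buffer(int width, int height)
{
    size_t total = checked_pixel_count(width, height);
    if (total == 0)
        return NULL;
    return calloc(total, BYTES_PER_PIXEL);
}

/* 1 if a width x height buffer can be allocated (then freed), else 0. */
int can_allocate(int width, int height)
{
    unsigned char *buf = alloc_pixel_buffer(width, height);
    if (buf == NULL)
        return 0;
    free(buf);
    return 1;
}
```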
aclark4life changed the title from "Fix integer overflow in quantize_pngquant() (security)" to "Fix integer overflow in quantize_pngquant()"