PyPI · Pillow · CVE-2026-42309
**Name of the Vulnerable Software and Affected Versions**
Pillow versions 11.2.1 through 12.1.x
**Description**
Passing nested lists as coordinates to APIs that accept coordinates, such as 'ImagePath.Path', 'ImageDraw.ImageDraw.polygon', and 'ImageDraw.ImageDraw.line', can cause a heap buffer overflow. This occurs because nested lists are recursively unpacked beyond the allocated buffer. A heap buffer overflow is a memory corruption issue where data is written past the end of a buffer allocated on the heap, potentially leading to crashes or arbitrary code execution.
**Recommendations**
Update to version 12.2.0.
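
As an added example (not code from Pillow or from this advisory), the sketch below checks a Pillow version string against the affected range stated above and validates coordinate input before it reaches the drawing APIs, accepting only a flat number sequence or a sequence of (x, y) pairs. The function names are hypothetical, and the version string is assumed to come from `PIL.__version__`.

```python
import re
from numbers import Real

# Range as stated in the advisory: 11.2.1 through 12.1.x, fixed in 12.2.0.
FIRST_AFFECTED = (11, 2, 1)
FIRST_FIXED = (12, 2, 0)


def parse_version(version):
    """Turn a string such as '12.1.0' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True when the version falls inside the advisory's affected range."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


def _is_number(v):
    # bool is a Real subclass; reject it so True/False never pass as coordinates.
    return isinstance(v, Real) and not isinstance(v, bool)


def checked_coords(xy):
    """Return xy as a flat list of floats, or raise ValueError.

    Accepts only two shapes: a flat sequence [x0, y0, x1, y1, ...] or a
    sequence of 2-item pairs [(x0, y0), (x1, y1), ...]. Anything nested
    deeper, mixed, or odd-length is rejected before it reaches Pillow.
    """
    if not isinstance(xy, (list, tuple)):
        raise ValueError("coordinates must be a list or tuple")
    if all(_is_number(v) for v in xy):
        flat = list(xy)
    elif all(isinstance(p, (list, tuple)) and len(p) == 2
             and all(_is_number(v) for v in p) for p in xy):
        flat = [v for p in xy for v in p]
    else:
        raise ValueError("coordinates must be flat numbers or (x, y) pairs")
    if len(flat) % 2:
        raise ValueError("odd number of coordinate values")
    return [float(v) for v in flat]
```

Input validation of this kind sits in front of the affected calls; the fix itself is the update to 12.2.0.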