Name of the Vulnerable Software and Affected Versions Pillow versions prior to 9.3.0

Description The issue is related to decoding JPEG-compressed BLP1 data in original mode. A crash occurs due to a segmentation fault on an unknown address, specifically in the jpeg read scanlines function, which is called by ImagingJpegDecode and ultimately by decode.

Recommendations For versions prior to 9.3.0, update to version 9.3.0 or later to resolve the issue.