path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. https://nvd.nist.gov/vuln/detail/CVE-2022-22816