PT-2022-6569 · Pillow+6

Risicle

Published: 2022-07-21 · Updated: 2024-08-18

CVE-2022-45198

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Pillow versions prior to 9.2.0

Description

The issue is related to improper handling of highly compressed GIF data, which can lead to data amplification. This can be exploited by a remote attacker to perform a denial-of-service (DoS) attack using a specially crafted GIF file.

Recommendations

For Pillow versions prior to 9.2.0, update to version 9.2.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of highly compressed GIF data until the update is applied.

Fix


Weakness Enumeration

Related Identifiers

ALT-PU-2022-2284
ALT-PU-2023-7942
ALT-PU-2023-8182
BDU:2023-02447
BIT-PILLOW-2022-45198
CVE-2022-45198
GHSA-M2VV-5VJ5-2HM7
MGASA-2023-0164
OESA-2023-1923
OPENSUSE-SU-2024:0253-1
PYSEC-2022-42979
SUSE-SU-2024:2908-1
USN-5777-1
USN-5777-2

Affected Products

Alt Linux
Astra Linux
Debian
Linux Mint
Pillow
RED OS
Ubuntu