PT-2022-6570 · Pypi+2 · Pillow+2

Hugovk

·

Published

2022-11-07

·

Updated

2024-03-06

·

CVE-2022-45199

CVSS v4.0

8.7

High

Vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Pillow versions prior to 9.3.0 (9.3.0 is the first fixed release).
Description The issue lies in the Pillow library's TIFF decoder (TiffImagePlugin.py). A crafted TIFF whose SAMPLESPERPIXEL tag carries a very large value causes memory and runtime exhaustion while the plugin sets up the context for image decoding, before any pixel data is read, resulting in denial of service for any application that opens untrusted TIFF files with Pillow.
Recommendations Update Pillow to version 9.3.0 or later. As a temporary workaround, do not accept TIFF input from untrusted sources (or disable the TiffImagePlugin.py module), or read the SAMPLESPERPIXEL tag from the file's IFD and reject values above a small upper bound before handing the file to the decoder.
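The following is an added example illustrating the pre-decode check suggested as a workaround; it is not Pillow's own code and uses only the Python standard library. It walks the first IFD of a TIFF, reads SAMPLESPERPIXEL (tag 277), and refuses the file if the value exceeds a cap. The cap of 4 samples, the helper names and the constructed TIFF bytes are assumptions for the example; Pillow 9.3.0's fix rejects oversized values in the same spirit, but the exact threshold is not quoted on this page.

```python
import struct

# TIFF tag numbers (TIFF 6.0 specification).
TAG_IMAGEWIDTH = 256
TAG_IMAGELENGTH = 257
TAG_BITSPERSAMPLE = 258
TAG_SAMPLESPERPIXEL = 277

TYPE_SHORT = 3  # 16-bit unsigned
TYPE_LONG = 4   # 32-bit unsigned

# Upper bound applied before decoding. Assumption for this example:
# 4 samples per pixel (enough for RGBA); not Pillow's actual constant.
MAX_SAMPLESPERPIXEL = 4


def build_tiff(samples_per_pixel, width=1, height=1, big_endian=False):
    """Constructed test input: a minimal single-IFD TIFF with no pixel data.
    The gate below never reaches the decoder, so strips/offsets are omitted
    and BITSPERSAMPLE is written with count 1 for brevity."""
    e = ">" if big_endian else "<"
    entries = []
    for tag, value in (
        (TAG_IMAGEWIDTH, width),
        (TAG_IMAGELENGTH, height),
        (TAG_BITSPERSAMPLE, 8),
        (TAG_SAMPLESPERPIXEL, samples_per_pixel),
    ):
        if value <= 0xFFFF:
            # SHORT values are left-justified inside the 4-byte value field.
            typ, field = TYPE_SHORT, struct.pack(e + "H", value) + b"\x00\x00"
        else:
            typ, field = TYPE_LONG, struct.pack(e + "I", value)
        entries.append(struct.pack(e + "HHI", tag, typ, 1) + field)
    header = (b"MM" if big_endian else b"II") + struct.pack(e + "HI", 42, 8)
    ifd = (struct.pack(e + "H", len(entries))
           + b"".join(entries)
           + struct.pack(e + "I", 0))  # no next IFD
    return header + ifd


def read_first_ifd(data):
    """Return {tag: value} for single-value SHORT/LONG entries of the first IFD."""
    if len(data) < 8:
        raise ValueError("truncated TIFF header")
    order = data[:2]
    if order == b"II":
        e = "<"
    elif order == b"MM":
        e = ">"
    else:
        raise ValueError("not a TIFF: bad byte-order mark")
    magic, ifd_offset = struct.unpack(e + "HI", data[2:8])
    if magic != 42:
        raise ValueError("not a TIFF: bad magic number")
    if ifd_offset + 2 > len(data):
        raise ValueError("IFD offset points outside the file")
    (count,) = struct.unpack(e + "H", data[ifd_offset:ifd_offset + 2])
    tags = {}
    for i in range(count):
        off = ifd_offset + 2 + 12 * i
        entry = data[off:off + 12]
        if len(entry) < 12:
            raise ValueError("truncated IFD entry")
        tag, typ, n = struct.unpack(e + "HHI", entry[:8])
        if n != 1:
            continue  # arrays and out-of-line values are not needed here
        if typ == TYPE_SHORT:
            (value,) = struct.unpack(e + "H", entry[8:10])
        elif typ == TYPE_LONG:
            (value,) = struct.unpack(e + "I", entry[8:12])
        else:
            continue
        tags[tag] = value
    return tags


def check_samples_per_pixel(data, limit=MAX_SAMPLESPERPIXEL):
    """Pre-decode gate: reject a TIFF whose SAMPLESPERPIXEL exceeds `limit`.
    Returns the tag value (the spec default is 1 when absent) if acceptable."""
    spp = read_first_ifd(data).get(TAG_SAMPLESPERPIXEL, 1)
    if spp < 1 or spp > limit:
        raise ValueError(f"refusing TIFF: SAMPLESPERPIXEL={spp} exceeds limit {limit}")
    return spp


def is_safe_tiff(data, limit=MAX_SAMPLESPERPIXEL):
    """Boolean wrapper for use at an upload or ingest boundary."""
    try:
        check_samples_per_pixel(data, limit)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(check_samples_per_pixel(build_tiff(3)))
    print(is_safe_tiff(build_tiff(0xFFFFFFFF)))
```

Run the gate on the raw bytes before calling `Image.open()`; an unpatched Pillow only reaches the costly setup once it parses the tag, so rejecting the file here avoids the exhaustion entirely. The parser reads only the first IFD and fails closed on any structural error, which is the right default for untrusted input.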

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2022-3019
ALT-PU-2023-7942
ALT-PU-2023-8182
BDU:2023-02448
BIT-PILLOW-2022-45199
CVE-2022-45199
GHSA-Q4MP-JVH2-76FJ
OESA-2022-2113
OESA-2023-1024
PYSEC-2022-42980

Affected Products

Alt Linux
Pillow
Red Os