High severityNVD Advisory· Published Nov 14, 2022· Updated Aug 3, 2024
CVE-2022-45198
CVE-2022-45198
Description
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pillowPyPI | < 9.2.0 | 9.2.0 |
Affected products
6- Pillow/Pillowdescription
- osv-coords5 versionspkg:bitnami/pillowpkg:pypi/pillowpkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/python-Pillow&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/python-Pillow&distro=SUSE%20Package%20Hub%2015%20SP5
< 9.2.0+ 4 more
- (no CPE)range: < 9.2.0
- (no CPE)range: < 9.2.0
- (no CPE)range: < 7.2.0-150300.3.18.1
- (no CPE)range: < 7.2.0-150300.3.18.1
- (no CPE)range: < 8.4.0-bp155.3.9.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-m2vv-5vj5-2hm7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-45198ghsaADVISORY
- security.gentoo.org/glsa/202211-10ghsavendor-advisoryWEB
- bugs.gentoo.org/855683ghsaWEB
- cwe.mitre.org/data/definitions/409.htmlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yamlghsaWEB
- github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4ghsaWEB
- github.com/python-pillow/Pillow/pull/6402ghsaWEB
- github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588eaghsaWEB
- github.com/python-pillow/Pillow/releases/tag/9.2.0ghsaWEB
News mentions
0No linked articles in our index yet.