CVE-2022-45198

Опубликовано: 14 нояб. 2022

Источник: debian

EPSS Низкий

Описание

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

Пакет	Статус	Версия исправления	Релиз	Тип
pillow	fixed	9.2.0-1		package
pillow	no-dsa		bullseye	package
pillow	not-affected		buster	package

https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 (9.2.0)
https://github.com/python-pillow/Pillow/pull/6402

EPSS

Процентиль: 41%

0.00191

Низкий

CVE-2022-45198

CVSS3: 7.5

ubuntu

около 3 лет назад

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

CVE-2022-45198

CVSS3: 7.5

nvd

около 3 лет назад

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

openSUSE-SU-2024:0253-1

suse-cvrf

больше 1 года назад

Security update for python-Pillow

SUSE-SU-2024:2908-1

suse-cvrf

больше 1 года назад

Security update for python-Pillow

GHSA-m2vv-5vj5-2hm7

CVSS3: 7.5

github

около 3 лет назад

Pillow vulnerable to Data Amplification attack.

EPSS

Процентиль: 41%

0.00191

Низкий