CVE-2022-45198

Опубликовано: 14 нояб. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

Ссылки

https://bugs.gentoo.org/855683
Issue Tracking
Patch
Third Party Advisory
https://cwe.mitre.org/data/definitions/409.html
Third Party Advisory
https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
Patch
Third Party Advisory
https://github.com/python-pillow/Pillow/pull/6402
Patch
Third Party Advisory
https://github.com/python-pillow/Pillow/releases/tag/9.2.0
Release Notes
Third Party Advisory
https://security.gentoo.org/glsa/202211-10
Third Party Advisory
https://bugs.gentoo.org/855683
Issue Tracking
Patch
Third Party Advisory
https://cwe.mitre.org/data/definitions/409.html
Third Party Advisory
https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
Patch
Third Party Advisory
https://github.com/python-pillow/Pillow/pull/6402
Patch
Third Party Advisory
https://github.com/python-pillow/Pillow/releases/tag/9.2.0
Release Notes
Third Party Advisory
https://security.gentoo.org/glsa/202211-10
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*

Версия до 9.2.0 (исключая)

EPSS

Процентиль: 41%

0.00191

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2022-45198

CVSS3: 7.5

ubuntu

около 3 лет назад

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

CVE-2022-45198

CVSS3: 7.5

debian

около 3 лет назад

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GI ...

openSUSE-SU-2024:0253-1

suse-cvrf

больше 1 года назад

Security update for python-Pillow

SUSE-SU-2024:2908-1

suse-cvrf

больше 1 года назад

Security update for python-Pillow

GHSA-m2vv-5vj5-2hm7

CVSS3: 7.5

github

около 3 лет назад

Pillow vulnerable to Data Amplification attack.

EPSS

Процентиль: 41%

0.00191

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-Other