CVE-2022-45198
Published 2022-11-14
CVE-2022-45198: Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
High 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pillow | < pillow 9.2.0-1 (bookworm) | pillow 9.2.0-1 (bookworm) |
| paloalto | pan-os | — | — |
| python | pillow | < 9.2.0 | 9.2.0 |
| python | pillow | >= 0 < 8.1.2+dfsg-0.3+deb11u3 | 8.1.2+dfsg-0.3+deb11u3 |
| python | pillow | >= 0 < 9.2.0-1 | 9.2.0-1 |
| python | pillow | >= 0 < 9.2.0-1 | 9.2.0-1 |
| python | pillow | >= 0 < 9.2.0-1 | 9.2.0-1 |
| python | pillow | >= 0 < 9.2.0 | 9.2.0 |
| python | pillow | >= 0 < 7.0.0-4ubuntu0.7 | 7.0.0-4ubuntu0.7 |
| python | pillow | >= 0 < 9.0.1-1ubuntu0.1 | 9.0.1-1ubuntu0.1 |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 9.1 CRITICAL