CVE-2022-45198

Published: 14 November 2022

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

Notes

Author: mdeslaur
Note: gif decompression bomb issue
Priority

Low

CVSS 3 base score: 7.5

Status

Package: pillow

bionic: Not vulnerable (code-not-present)
focal: Released (7.0.0-4ubuntu0.7)
jammy: Released (9.0.1-1ubuntu0.1)
kinetic: Not vulnerable (9.2.0-1)
trusty: Not vulnerable (code-not-present)
upstream: Released (9.2.0-1)
xenial: Not vulnerable (code-not-present)

Patches:
upstream: https://github.com/python-pillow/Pillow/commit/c9f1b35e981075110a23487a8d4a6cbb59a588ea

Package: pillow-python2

bionic: Does not exist
focal: Released (6.2.1-3ubuntu0.1~esm1)
jammy: Does not exist
kinetic: Does not exist
trusty: Does not exist
upstream: Needs triage
xenial: Does not exist