Improper Handling of Highly Compressed GIF Data in Pillow by Python
CVE-2022-45198
7.5 HIGH
What is CVE-2022-45198?
Pillow, an image processing library for Python, improperly handles highly compressed GIF data in versions prior to 9.2.0. The result is data amplification: decoding such a file can consume excessive resources and potentially allow Denial of Service (DoS) attacks. Users of Pillow are encouraged to upgrade to the latest version to mitigate this risk and enhance the security of their applications.
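The following check is an added example, not code from Pillow or from this advisory: it flags Pillow versions older than 9.2.0 and screens a GIF by its header before any decoder touches it. The limits `MAX_PIXELS` and `MAX_RATIO`, the function names, and the sample byte strings are assumptions made for illustration.

```python
import re
import struct
from importlib import metadata

FIXED = (9, 2, 0)            # first fixed release, per the advisory text
MAX_PIXELS = 50_000_000      # assumed policy limit on declared canvas size
MAX_RATIO = 1_000            # assumed limit: declared pixels per input byte


def is_vulnerable(version: str) -> bool:
    """True if a Pillow version string is older than 9.2.0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(g or 0) for g in m.groups()) < FIXED


def installed_pillow_vulnerable():
    """Check the local environment; None when Pillow is not installed."""
    try:
        return is_vulnerable(metadata.version("Pillow"))
    except metadata.PackageNotFoundError:
        return None


def screen_gif(data: bytes):
    """Decide from the GIF header alone, before any decoder touches the file."""
    if len(data) < 10 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return False, "not a GIF"
    width, height = struct.unpack_from("<HH", data, 6)  # logical screen size
    pixels = width * height
    if pixels == 0:
        return False, "empty canvas"
    if pixels > MAX_PIXELS:
        return False, f"declared canvas {width}x{height} exceeds pixel limit"
    if pixels / len(data) > MAX_RATIO:
        return False, f"amplification ratio {pixels // len(data)}:1 too high"
    return True, "ok"


# Constructed inputs: GIF headers followed by filler bytes, no image data.
SMALL = b"GIF89a" + struct.pack("<HHBBB", 64, 64, 0, 0, 0) + b"\x00" * 200
HUGE = b"GIF89a" + struct.pack("<HHBBB", 65535, 65535, 0, 0, 0) + b"\x00" * 200
DENSE = b"GIF89a" + struct.pack("<HHBBB", 4000, 4000, 0, 0, 0) + b"\x00" * 200

if __name__ == "__main__":
    print("installed Pillow vulnerable:", installed_pillow_vulnerable())
    for name, blob in (("small", SMALL), ("huge", HUGE), ("dense", DENSE)):
        print(name, screen_gif(blob))
```

The header check only sees the declared canvas, not the number of frames, so it complements upgrading Pillow and enforcing decode-time memory and time limits rather than replacing them.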