OSV:GHSA-Q4MP-JVH2-76FJ
Nov 14, 2022 - 12:00 p.m.

Pillow subject to DoS via SAMPLESPERPIXEL tag

2022-11-14 12:00:15
Google
osv.dev
10

EPSS: 0.002 Low
Percentile: 53.4%

Pillow starting with 9.2.0 and prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DoS in TiffImagePlugin.py when setting up the context for image decoding. This issue has been patched in version 9.3.0.
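For services that cannot upgrade to 9.3.0 immediately, untrusted TIFF uploads can be screened before they reach the decoder. The following is an added example, not code from Pillow or from this advisory: it reads the SamplesPerPixel tag (277) from the top-level IFDs of a classic TIFF and rejects files above a ceiling. `MAX_SAMPLES`, the function names and the sample file are assumptions made for illustration; BigTIFF and sub-IFDs are not handled.

```python
import struct

SAMPLESPERPIXEL = 277   # TIFF tag number for SamplesPerPixel
MAX_SAMPLES = 8         # assumed policy ceiling, not a value from the advisory

def samples_per_pixel(data: bytes) -> list:
    """Return each SamplesPerPixel value in a classic TIFF's top-level IFD chain."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None:
        raise ValueError("not a TIFF")
    magic, offset = struct.unpack_from(order + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF")
    found, seen = [], set()
    while offset and offset not in seen:      # 'seen' stops IFD offset loops
        seen.add(offset)
        (count,) = struct.unpack_from(order + "H", data, offset)
        for i in range(count):
            entry = offset + 2 + 12 * i       # 12-byte entries follow the count
            tag, typ, n = struct.unpack_from(order + "HHI", data, entry)
            if tag != SAMPLESPERPIXEL:
                continue
            fmt = {3: "H", 4: "I"}.get(typ)   # SHORT per spec; LONG tolerated
            if fmt is None or n != 1:
                raise ValueError("malformed SamplesPerPixel entry")
            found.append(struct.unpack_from(order + fmt, data, entry + 8)[0])
        (offset,) = struct.unpack_from(order + "I", data, offset + 2 + 12 * count)
    return found

def is_safe(data: bytes) -> bool:
    """True only if the file parses and no IFD exceeds MAX_SAMPLES."""
    try:
        return all(v <= MAX_SAMPLES for v in samples_per_pixel(data))
    except (ValueError, struct.error):        # unparseable input is rejected
        return False

def make_tiff(spp: int) -> bytes:
    """Constructed sample: little-endian TIFF with one IFD holding only tag 277."""
    entry = struct.pack("<HHIHH", SAMPLESPERPIXEL, 3, 1, spp, 0)
    return b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", 1) + entry + struct.pack("<I", 0)

if __name__ == "__main__":
    for spp in (3, 65535):
        print(spp, "accepted" if is_safe(make_tiff(spp)) else "rejected")
```

A file that omits the tag passes the check, since the TIFF default for SamplesPerPixel is 1.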

CPE Name Operator Version
pillow eq 9.2.0