Vulnerability Details : CVE-2022-45198
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
Products affected by CVE-2022-45198
- cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-45198
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-45198
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
References for CVE-2022-45198
-
https://security.gentoo.org/glsa/202211-10
Pillow: Multiple Vulnerabilities (GLSA 202211-10) — Gentoo securityThird Party Advisory
-
https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
Merge pull request #6403 from radarhere/gif_decompression_bomb · python-pillow/Pillow@11918ea · GitHubPatch;Third Party Advisory
-
https://github.com/python-pillow/Pillow/pull/6402
Added GIF decompression bomb check by radarhere · Pull Request #6402 · python-pillow/Pillow · GitHubPatch;Third Party Advisory
-
https://cwe.mitre.org/data/definitions/409.html
CWE - CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) (4.9)Third Party Advisory
-
https://bugs.gentoo.org/855683
855683 – <dev-python/pillow-9.2.0: vulnerable to gif extent(?) decompression bombsIssue Tracking;Patch;Third Party Advisory
-
https://github.com/python-pillow/Pillow/releases/tag/9.2.0
Release 9.2.0 · python-pillow/Pillow · GitHubRelease Notes;Third Party Advisory
Jump to