Vulnerability Details : CVE-2022-45199
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
Vulnerability category: Denial of service
Products affected by CVE-2022-45199
- cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-45199
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-45199
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2022-45199
-
The product does not properly control the allocation and maintenance of a limited resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-45199
-
https://github.com/python-pillow/Pillow/releases/tag/9.3.0
Release 9.3.0 · python-pillow/Pillow · GitHubRelease Notes;Third Party Advisory
-
https://security.gentoo.org/glsa/202211-10
Pillow: Multiple Vulnerabilities (GLSA 202211-10) — Gentoo securityThird Party Advisory
-
https://github.com/python-pillow/Pillow/pull/6700
Limit SAMPLESPERPIXEL to avoid runtime DOS by hugovk · Pull Request #6700 · python-pillow/Pillow · GitHubPatch;Third Party Advisory
-
https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3
Merge pull request #6700 from hugovk/security-samples_per_pixel-sec · python-pillow/Pillow@2444cdd · GitHubPatch;Third Party Advisory
-
https://bugs.gentoo.org/878769
878769 – <dev-python/pillow-9.3.0: "runtime DOS"Issue Tracking;Patch;Third Party Advisory
Jump to