CVE-2022-45199
Summary
| CVE | CVE-2022-45199 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-14 07:15:00 UTC |
| Updated | 2023-01-10 20:11:00 UTC |
| Description | Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Limit SAMPLESPERPIXEL to avoid runtime DOS by hugovk · Pull Request #6700 · python-pillow/Pillow · GitHub | MISC | github.com | |
| Pillow: Multiple Vulnerabilities (GLSA 202211-10) — Gentoo security | GENTOO | security.gentoo.org | |
| 878769 – <dev-python/pillow-9.3.0: "runtime DOS" | MISC | bugs.gentoo.org | |
| Merge pull request #6700 from hugovk/security-samples_per_pixel-sec · python-pillow/Pillow@2444cdd · GitHub | MISC | github.com | |
| Release 9.3.0 · python-pillow/Pillow · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 182731 Debian Security Update for pillow (CVE-2022-45199)
- 355121 Amazon Linux Security Advisory for python-pillow : ALAS2023-2023-146
- 672628 EulerOS Security Update for python-pillow (EulerOS-SA-2023-1397)
- 672641 EulerOS Security Update for python-pillow (EulerOS-SA-2023-1369)
- 672678 EulerOS Security Update for python-pillow (EulerOS-SA-2023-1415)
- 672690 EulerOS Security Update for python-pillow (EulerOS-SA-2023-1435)
- 672773 EulerOS Security Update for python-pillow (EulerOS-SA-2023-1456)
- 672778 EulerOS Security Update for python-pillow (EulerOS-SA-2023-1481)
- 710682 Gentoo Linux Pillow Multiple Vulnerabilities (GLSA 202211-10)