CVE Vulnerabilities

CVE-2022-45198

Published: Nov 14, 2022 | Modified: Jan 10, 2023

CVSS 3.x

7.5

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

LOW

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-45198
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

Affected Software

Name	Vendor	Start Version	End Version
Pillow	Python	*	9.2.0 (excluding)
Pillow	Ubuntu	focal	*
Pillow	Ubuntu	jammy	*
Pillow	Ubuntu	trusty	*
Pillow	Ubuntu	upstream	*
Pillow	Ubuntu	xenial	*
Pillow-python2	Ubuntu	esm-apps/focal	*
Pillow-python2	Ubuntu	focal	*

References

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2024 Aqua Security Software Ltd. Privacy Policy | Terms of Use