CVE-2022-45199, GHSA-q4mp-jvh2-76fj
pypi/Pillow
Pillow subject to DoS via SAMPLESPERPIXEL tag
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DoS in TiffImagePlugin.py
when setting up the context for image decoding.
All versions before 9.3.0
Upgrade to version 9.3.0 or above.
2022-11-15
source |