CVE-2022-45199

Pillow subject to DoS via SAMPLESPERPIXEL tag in pypi/Pillow

Identifiers

CVE-2022-45199, GHSA-q4mp-jvh2-76fj

Package Slug

pypi/Pillow

Vulnerability

Pillow subject to DoS via SAMPLESPERPIXEL tag

Description

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DoS in TiffImagePlugin.py when setting up the context for image decoding.

Affected Versions

All versions before 9.3.0

Solution

Upgrade to version 9.3.0 or above.
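The check below is an added example, not code from Pillow or from this advisory: it reads the SAMPLESPERPIXEL field (TIFF tag 277) from every IFD of an untrusted classic TIFF so an ingestion service can reject oversized values before any decoder is invoked. The limit of 4, the function names and the constructed sample file are assumptions of this example; BigTIFF is not handled and is rejected.

```python
import struct

TAG_SAMPLESPERPIXEL = 277      # tag number from the TIFF 6.0 specification
MAX_SAMPLES = 4                # assumed policy limit for this example
_TYPES = {3: "H", 4: "I"}      # SHORT and LONG field types

def samples_per_pixel_values(data: bytes) -> list:
    """Return each SamplesPerPixel value found along the IFD chain."""
    if data[:2] == b"II":
        bo = "<"               # little-endian file
    elif data[:2] == b"MM":
        bo = ">"               # big-endian file
    else:
        raise ValueError("not a TIFF")
    magic, offset = struct.unpack_from(bo + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF")
    found, seen = [], set()
    while offset:
        # A repeated or out-of-range offset means a looping or truncated chain.
        if offset in seen or offset + 2 > len(data):
            raise ValueError("malformed IFD chain")
        seen.add(offset)
        (count,) = struct.unpack_from(bo + "H", data, offset)
        end = offset + 2 + 12 * count
        if end + 4 > len(data):
            raise ValueError("truncated IFD")
        for pos in range(offset + 2, end, 12):
            tag, ftype, n = struct.unpack_from(bo + "HHI", data, pos)
            if tag == TAG_SAMPLESPERPIXEL:
                if ftype not in _TYPES or n != 1:
                    raise ValueError("unexpected SamplesPerPixel encoding")
                found.append(struct.unpack_from(bo + _TYPES[ftype], data, pos + 8)[0])
        (offset,) = struct.unpack_from(bo + "I", data, end)
    return found

def tiff_is_acceptable(data: bytes, limit: int = MAX_SAMPLES) -> bool:
    """True only if the file parses and every SamplesPerPixel is in 1..limit."""
    try:
        return all(1 <= v <= limit for v in samples_per_pixel_values(data))
    except (ValueError, struct.error):
        return False

def make_tiff(spp: int) -> bytes:
    """Constructed sample: little-endian TIFF, one IFD holding only tag 277."""
    entry = struct.pack("<HHIHH", TAG_SAMPLESPERPIXEL, 3, 1, spp, 0)
    return b"II" + struct.pack("<HIH", 42, 8, 1) + entry + struct.pack("<I", 0)
```

A file with no tag 277 is accepted because the TIFF default for SamplesPerPixel is 1; malformed, truncated or looping IFD chains are rejected rather than passed on.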

Last Modified

2022-11-15
