Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2022-45198
Summary
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
References
Advisory Timeline
- Published
