CVE-2022-45198 Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

This could result in unexpected behaviour, like crashing the app or displaying an incorrect message. If you’re using a highly compressed GIF in your app, you should update your code as soon as possible. The affected API is: PIL.GIFEncoder. This API is used in various places in the code. For example, in the view hierarchy:

    from pylons import Greeting
    app = Reddit(profile_name='MyApp') # V1
    app = Reddit(profile_name='MyApp') # V2

In both examples, the app is rendered with the highly compressed GIF. In most cases, this issue will manifest itself only if you’re using highly compressed GIFs in your app. We expect most users won’t encounter this issue.


What to do if you’re using GIFs?

It’s likely that you’re not using highly compressed GIFs in your app. If you aren’t, then there is no need to worry about this issue.
If you are already using highly compressed GIFs or have done so recently, then you should update your code as soon as possible.

Check if you’re using a highly compressed GIF

If you’re using a highly compressed GIF in your app, you should update your code as soon as possible. This issue will manifest itself only if you’re using highly compressed GIFs in your app.
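One way to run this check before a file reaches the decoder, as an added example that is not code from the advisory or from Pillow: it walks the GIF block structure, sums the declared frame dimensions without decompressing anything, and compares a version string against the 9.2.0 boundary named above. The function names and the sample file are constructed for illustration, and the pixel threshold is assumed to be Pillow's default `Image.MAX_IMAGE_PIXELS`.

```python
import re
import struct

FIXED_IN = (9, 2, 0)          # advisory: "Pillow before 9.2.0" is affected
MAX_PIXELS = 89_478_485       # assumption: Pillow's default Image.MAX_IMAGE_PIXELS

def is_patched(version):
    """True if a Pillow version string is 9.2.0 or later."""
    nums = [int(m.group()) for m in
            (re.match(r"\d+", p) for p in version.split(".")[:3]) if m]
    return tuple(nums + [0] * (3 - len(nums))) >= FIXED_IN

def _skip_sub_blocks(data, pos):
    """Advance past a chain of length-prefixed sub-blocks ending in a 0 byte."""
    while data[pos]:
        pos += 1 + data[pos]
    return pos + 1

def declared_pixels(data):
    """Sum width*height over all frames without decoding any LZW data."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    try:
        pos = 13                                  # header + logical screen descriptor
        if data[10] & 0x80:                       # global colour table present
            pos += 3 * (2 << (data[10] & 7))
        total = 0
        while data[pos] != 0x3B:                  # 0x3B = trailer
            if data[pos] == 0x21:                 # extension: label, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:               # image descriptor (10 bytes)
                w, h, flags = struct.unpack_from("<HHB", data, pos + 5)
                total += w * h
                pos += 10
                if flags & 0x80:                  # local colour table present
                    pos += 3 * (2 << (flags & 7))
                pos = _skip_sub_blocks(data, pos + 1)  # +1 skips LZW min code size
            else:
                raise ValueError("unexpected block 0x%02x" % data[pos])
        return total
    except (IndexError, struct.error):
        raise ValueError("truncated GIF") from None

def looks_amplified(data, max_pixels=MAX_PIXELS):
    """True if the file declares more pixels than the configured ceiling."""
    return declared_pixels(data) > max_pixels

# Constructed sample: a 29-byte file declaring one 10000x10000 frame.
SAMPLE_GIF = (b"GIF89a" + struct.pack("<HHBBB", 10000, 10000, 0, 0, 0)
              + b"\x2c" + struct.pack("<HHHHB", 0, 0, 10000, 10000, 0)
              + b"\x02" + b"\x02\x4c\x01" + b"\x00" + b"\x3b")
```

The declared dimensions are only what the file claims, so this is a pre-filter for rejecting oversized uploads and not a substitute for running a fixed Pillow release.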

Timeline

Published on: 11/14/2022 07:15:00 UTC
Last modified on: 11/22/2022 06:15:00 UTC
