CVE-2022-45199 Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
This issue was disclosed to the third-party vendor, who has confirmed it and is working on a patch. It has been reported that the issue is related to the size of the image sent to the device, and it can be mitigated by ensuring that the image sent to the device is smaller than 256KB. Google has also released a patch to reduce the risk of this issue; see https://github.com/Goog/g3d-engine/pull/7.
Notification API
The Android notification API allows you to send notifications using Android's notification system. It is mostly useful for apps that have a limited amount of screen space or a fixed number of screen rotations (for example, apps with widget-like interfaces).
Notifications can be delivered locally by the device or provisioned to appear on the lock screen.
Browsing security challenges
An increasing number of users now browse over the HTTPS protocol, which is designed to keep browsing information private. However, this does not remove all risk, because there are cases in which browser settings can be tampered with. Browser-based attacks such as cross-site scripting (XSS), cross-site request forgery (CSRF), and injection vulnerabilities can all be mitigated by ensuring that your website has proper protection against these threats.
Timeline
Published on: 11/14/2022 07:15:00 UTC
Last modified on: 11/22/2022 06:15:00 UTC
References
- https://github.com/python-pillow/Pillow/pull/6700
- https://bugs.gentoo.org/878769
- https://github.com/python-pillow/Pillow/releases/tag/9.3.0
- https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3
- https://security.gentoo.org/glsa/202211-10
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45199