CVE-2022-45198 Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

This could result in unexpected behaviour, such as crashing the application or displaying an incorrect message. If you're using a highly compressed GIF in your app, you should update your code as soon as possible. The affected API is PIL.GIFEncoder, which is used in various places in the code, for example in the view hierarchy:

from pylons import Greeting
app = Reddit(profile_name='MyApp') # V1
app = Reddit(profile_name='MyApp') # V2

In both examples, the app is rendered with the highly compressed GIF. In most cases, this issue will manifest itself only if you're using highly compressed GIFs in your app. We expect most users won't encounter this issue.

Disclosure Timeline


What to do if you’re using GIFs?

It’s likely that you’re not using highly compressed GIFs in your app. If you aren’t, then there is no need to worry about this issue.
If you are already using highly compressed GIFs or have done so recently, then you should update your code as soon as possible.

Check if you’re using a highly compressed GIF

