I'm opening an issue rather than a PR for two reasons: 1. I'm not super familiar with the tooling and am not primarily a Python dev so not sure if it would be enough for me to just edit the advisory via GitHub UI, and 2. it sounds like this database primarily pulls from nvd.nist.gov for which this advisory looks wrong - https://nvd.nist.gov/vuln/detail/CVE-2022-45199 says that it impacts all versions up to v9.3.0 whereas GHSA-q4mp-jvh2-76fj says it only impacts versions between 9.2.0 and 9.3.0 which matches python-pillow/Pillow#6700 which says:
This was introduced in Pillow 9.2.0, found with OSS-Fuzz and fixed by limiting SAMPLESPERPIXEL to the number of planes that we can decode.