Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added GIF decompression bomb check #6402

Merged
merged 1 commit into from
Jun 30, 2022

Conversation

radarhere
Copy link
Member

No description provided.

@radarhere radarhere added the GIF label Jun 30, 2022
@radarhere radarhere merged commit 884437f into python-pillow:main Jun 30, 2022
@radarhere radarhere deleted the gif_decompression_bomb branch June 30, 2022 04:03
radarhere added a commit to radarhere/Pillow that referenced this pull request Jun 30, 2022
radarhere added a commit to radarhere/Pillow that referenced this pull request Jun 30, 2022
mergify bot added a commit that referenced this pull request Jun 30, 2022
@ajakk
Copy link

ajakk commented Jul 2, 2022

So, should this get a CVE as a DoS vulnerability fix?

@radarhere
Copy link
Member Author

I don't think so. None of our other _decompression_bomb_check calls have warranted CVEs.

@risicle
Copy link

risicle commented Nov 20, 2022

It's happened :D

CVE-2022-45198

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants