登录 注册
开源 企业版 高校版 私有云 模力方舟 Gitee AI
开源项目 > 人工智能 > AI-人工智能 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
212 Star 915 Fork 669

GVPMindSpore/mindscience

代码 Issues 56 Pull Requests 9 Wiki 统计 流水线
服务
Issues
 / 详情

CVE-2022-45198

TODO
Bug-Report
mindspore-ci-bot
成员
创建于  
2024-11-28 19:13

一、漏洞信息
漏洞编号:CVE-2022-45198
漏洞归属组件:Pillow
漏洞归属的版本:8.2.0,>= 6.2.0
CVSS V3.0分值:
BaseScore:7.5 High
Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞简述:
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
漏洞公开时间:2022-11-14 15:15:10
漏洞创建时间:2024-11-28 19:13:53
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2022-45198

更多参考(点击展开)
参考来源 参考链接 来源链接
cve.mitre.org https://bugs.gentoo.org/855683
cve.mitre.org https://cwe.mitre.org/data/definitions/409.html
cve.mitre.org https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
cve.mitre.org https://github.com/python-pillow/Pillow/pull/6402
cve.mitre.org https://github.com/python-pillow/Pillow/releases/tag/9.2.0
cve.mitre.org https://security.gentoo.org/glsa/202211-10
suse_bugzilla http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45198 https://bugzilla.suse.com/show_bug.cgi?id=1205416
suse_bugzilla http://www.cvedetails.com/cve/CVE-2022-45198/ https://bugzilla.suse.com/show_bug.cgi?id=1205416
ubuntu https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198 https://ubuntu.com/security/CVE-2022-45198
ubuntu https://github.com/python-pillow/Pillow/pull/6402 https://ubuntu.com/security/CVE-2022-45198
ubuntu https://ubuntu.com/security/notices/USN-5777-1 https://ubuntu.com/security/CVE-2022-45198
ubuntu https://ubuntu.com/security/notices/USN-5777-2 https://ubuntu.com/security/CVE-2022-45198
ubuntu https://nvd.nist.gov/vuln/detail/CVE-2022-45198 https://ubuntu.com/security/CVE-2022-45198
ubuntu https://launchpad.net/bugs/cve/CVE-2022-45198 https://ubuntu.com/security/CVE-2022-45198
ubuntu https://security-tracker.debian.org/tracker/CVE-2022-45198 https://ubuntu.com/security/CVE-2022-45198
debian https://security-tracker.debian.org/tracker/CVE-2022-45198
gentoo https://security.gentoo.org/glsa/202211-10
anolis https://anas.openanolis.cn/cves/detail/CVE-2022-45198
cve_search https://bugs.gentoo.org/855683
cve_search https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
cve_search https://github.com/python-pillow/Pillow/pull/6402
cve_search https://github.com/python-pillow/Pillow/releases/tag/9.2.0
cve_search https://cwe.mitre.org/data/definitions/409.html
cve_search https://security.gentoo.org/glsa/202211-10
github_advisory https://cwe.mitre.org/data/definitions/409.html https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
github_advisory https://nvd.nist.gov/vuln/detail/CVE-2022-45198 https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
github_advisory https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
github_advisory https://security.gentoo.org/glsa/202211-10 https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
github_advisory https://bugs.gentoo.org/855683 https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
github_advisory https://github.com/python-pillow/Pillow/releases/tag/9.2.0 https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
github_advisory https://github.com/python-pillow/Pillow/commit/c9f1b35e981075110a23487a8d4a6cbb59a588ea https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
github_advisory https://github.com/python-pillow/Pillow/pull/6402 https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
mageia http://advisories.mageia.org/MGASA-2023-0164.html
osv https://security.gentoo.org/glsa/202211-10 https://osv.dev/vulnerability/CVE-2022-45198
osv https://bugs.gentoo.org/855683 https://osv.dev/vulnerability/CVE-2022-45198
osv https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 https://osv.dev/vulnerability/CVE-2022-45198
osv https://github.com/python-pillow/Pillow/pull/6402 https://osv.dev/vulnerability/CVE-2022-45198
osv https://cwe.mitre.org/data/definitions/409.html https://osv.dev/vulnerability/CVE-2022-45198
osv https://github.com/python-pillow/Pillow/releases/tag/9.2.0 https://osv.dev/vulnerability/CVE-2022-45198
amazon_linux_explore https://access.redhat.com/security/cve/CVE-2022-45198 https://explore.alas.aws.amazon.com/CVE-2022-45198.html
amazon_linux_explore https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198 https://explore.alas.aws.amazon.com/CVE-2022-45198.html

漏洞分析指导链接:
https://gitee.com/mindspore/community/blob/master/security/cve_issue_template.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息:

详情(点击展开)
影响的包 修复版本 修复补丁 问题引入补丁 来源
https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 cve.mitre.org
https://github.com/python-pillow/Pillow/pull/6402 cve.mitre.org
https://github.com/python-pillow/Pillow/pull/6402 ubuntu
https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 github_advisory
https://github.com/python-pillow/Pillow/commit/c9f1b35e981075110a23487a8d4a6cbb59a588ea github_advisory
https://github.com/python-pillow/Pillow/pull/6402 github_advisory
https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 osv
https://github.com/python-pillow/Pillow/pull/6402 osv
https://bugs.gentoo.org/855683 nvd
https://cwe.mitre.org/data/definitions/409.html nvd
https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 nvd
https://github.com/python-pillow/Pillow/pull/6402 nvd
https://github.com/python-pillow/Pillow/releases/tag/9.2.0 nvd
https://security.gentoo.org/glsa/202211-10 nvd
pillow https://github.com/python-pillow/Pillow/commit/c9f1b35e981075110a23487a8d4a6cbb59a588ea ubuntu

二、漏洞分析结构反馈
影响性分析说明:

MindSpore评分:

受影响版本排查(受影响/不受影响):
1.master:
2.v0.5.0:
3.v2.0.0:

评论 (1)

5518576 mindspore ci 1587902139
mindspore-ci-bot 创建了Bug-Report 4个月前
5518576 mindspore ci 1587902139
mindspore-ci-bot 添加了
 
CVE/UNFIXED
标签 4个月前
5518576 mindspore ci 1587902139
mindspore-ci-bot 添加了
 
v0.5.0
标签 4个月前
5518576 mindspore ci 1587902139
mindspore-ci-bot 添加了
 
v2.0.0
标签 4个月前
5518576 mindspore ci 1587902139
mindspore-ci-bot 添加协作者rainyhorse 4个月前
展开全部操作日志
5229366 tommylike 1578982886
TommyLike 计划开始日期2020-08-01 修改为2024-11-28 4个月前
5229366 tommylike 1578982886
TommyLike 计划截止日期2024-12-31 修改为2024-12-12 4个月前
5229366 tommylike 1578982886
TommyLike 优先级设置为主要 4个月前

登录 后才可以发表评论

状态
负责人
项目
未立项任务
未立项任务
Pull Requests
未关联
未关联
关联的 Pull Requests 被合并后可能会关闭此 issue
分支
未关联
分支 (10)
标签 (6)
master
r0.6
r0.5
r0.2
r0.3
dev-md
r0.2.0
r0.2.0-alpha
dev
r0.1
TAG_MindScience_2407_release
v0.5.0
MindFlow-v0.1.0
v0.2.0-rc1
v0.1.0
v0.1.0-rc1
预计工期 (小时)
开始日期   -   截止日期
-
置顶选项
不置顶
不置顶
置顶等级:高
置顶等级:中
置顶等级:低
优先级
主要
不指定
严重
主要
次要
不重要
标签
CVE/UNFIXED
v0.5.0
v2.0.0
里程碑
B-MBA
未关联里程碑
关联分支
请关联问题发现分支,可多选
问题后端类型
请关联问题的后端类型,可多选
关联问题类型
请关联问题单类型
问题重现类型
请选择问题重现类型
参与者(2)
5518576 mindspore ci 1587902139 rainyhorse-rainyhorse
1
https://gitee.com/mindspore/mindscience.git
git@gitee.com:mindspore/mindscience.git
mindspore
mindscience
mindscience
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部