CVE-2022-45199: 
Python vulnerability analysis and mitigation

CVE-2022-45199 affects Pillow versions before 9.3.0, allowing denial of service attacks via SAMPLESPERPIXEL. The vulnerability was discovered through OSS-Fuzz and disclosed on November 14, 2022. The issue affects the Python Imaging Library (PIL) fork known as Pillow, which is widely used for image processing tasks (NVD, CVE).

The vulnerability occurs when a large value in the SAMPLESPERPIXEL tag leads to a memory and runtime denial of service in TiffImagePlugin.py during the setup of the context for image decoding. The issue was introduced in Pillow 9.2.0. The CVSS v3.1 base score is 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-accessible vulnerability requiring no privileges or user interaction (NVD, Pillow PR).

The vulnerability can result in a denial of service condition when processing TIFF images with manipulated SAMPLESPERPIXEL values. This affects the availability of applications using the Pillow library to process images (NVD).

The vulnerability was fixed in Pillow version 9.3.0 by implementing a limit on SAMPLESPERPIXEL values to the number of planes that can be decoded. Users are advised to upgrade to Pillow version 9.3.0 or later to address this vulnerability (Pillow Release, Gentoo Advisory).