1 files changed, 26 insertions, 0 deletions

diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-CVE-2022-45198.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-CVE-2022-45198.patch
new file mode 100644
index 0000000000..0f0cfa7804
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/0001-CVE-2022-45198.patch
@@ -0,0 +1,26 @@
+From 7df88fc2319852ace202a650703d631200080e3b Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Thu, 30 Jun 2022 12:47:35 +1000
+Subject: [PATCH] Added GIF decompression bomb check
+
+Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/884437f8a2b953a0abd2a3b130a87fcfb438092e]
+CVE: CVE-2022-45198
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/PIL/GifImagePlugin.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/PIL/GifImagePlugin.py b/src/PIL/GifImagePlugin.py
+index 9d8e96f..c477fdd 100644
+--- a/src/PIL/GifImagePlugin.py
++++ b/src/PIL/GifImagePlugin.py
+@@ -238,6 +238,7 @@ class GifImageFile(ImageFile.ImageFile):
+                 x1, y1 = x0 + i16(s[4:]), y0 + i16(s[6:])
+                 if x1 > self.size[0] or y1 > self.size[1]:
+                     self._size = max(x1, self.size[0]), max(y1, self.size[1])
++                    Image._decompression_bomb_check(self._size)
+                 self.dispose_extent = x0, y0, x1, y1
+                 flags = i8(s[8])
+
+--
+2.7.4