Closed
Description
I'm opening an issue rather than a PR for two reasons:

1. I'm not super familiar with the tooling and am not primarily a Python dev, so I'm not sure if it would be enough for me to just edit the advisory via the GitHub UI, and
2. it sounds like this database primarily pulls from nvd.nist.gov, for which this advisory looks wrong: https://nvd.nist.gov/vuln/detail/CVE-2022-45199 says that it impacts all versions up to v9.3.0, whereas GHSA-q4mp-jvh2-76fj says it only impacts versions between 9.2.0 and 9.3.0, which matches python-pillow/Pillow#6700, which says:

> This was introduced in Pillow 9.2.0, found with OSS-Fuzz and fixed by limiting SAMPLESPERPIXEL to the number of planes that we can decode.