Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-JGPV-4H4C-XHW3
HistoryApr 23, 2021 - 4:54 p.m.

Uncontrolled Resource Consumption in pillow

2021-04-2316:54:36
CWE-400
GitHub Advisory Database
github.com
61
JSON

Impact

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.

Patches

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

Workarounds

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-27921

For more information

If you have any questions or comments about this advisory:

CPENameOperatorVersion
pillowlt8.1.1

Related

veracode 1
osv 8
prion 1
ubuntucve 1
redhatcve 1
debiancve 1
cve 1
alpinelinux 1
github 1
fedora 7
ubuntu 1
nessus 15
suse 1
gentoo 1
rocky 1
redhat 2
almalinux 1
rosalinux 1
veracode
veracode
Denial Of Service (DoS)
2021-03-12 05:18:39
osv
osv
PYSEC-2021-40
2021-03-03 09:15:00
BIT-pillow-2021-27921
2024-03-06 11:04:11
CVE-2021-27921
2021-03-03 09:15:14
prion
prion
Design/Logic Flaw
2021-03-03 09:15:00
ubuntucve
ubuntucve
CVE-2021-27921
2021-03-03 00:00:00
redhatcve
redhatcve
CVE-2021-27921
2021-03-04 19:39:50
debiancve
debiancve
CVE-2021-27921
2021-03-03 09:15:00
cve
cve
CVE-2021-27921
2021-03-03 09:15:00
alpinelinux
alpinelinux
CVE-2021-27921
2021-03-03 09:15:00
github
github
Pillow Denial of Service by Uncontrolled Resource Consumption
2021-03-18 19:55:13
fedora
fedora
[SECURITY] Fedora 34 Update: python-pillow-8.1.2-1.fc34
2021-03-19 20:28:49
[SECURITY] Fedora 34 Update: mingw-python-pillow-8.1.2-1.fc34
2021-03-19 20:28:49
[SECURITY] Fedora 33 Update: mingw-python-pillow-7.2.0-5.fc33
2021-03-15 01:20:06
ubuntu
ubuntu
Pillow vulnerabilities
2021-03-11 00:00:00
nessus
nessus
EulerOS 2.0 SP8 : python-pillow (EulerOS-SA-2021-2314)
2021-08-10 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Pillow vulnerabilities (USN-4763-1)
2021-03-23 00:00:00
Fedora 32 : python-pillow / python2-pillow (2021-0ece308612)
2021-03-15 00:00:00
suse
suse
Security update for python-CairoSVG, python-Pillow (moderate)
2021-08-10 00:00:00
gentoo
gentoo
Pillow: Multiple vulnerabilities
2021-07-14 00:00:00
rocky
rocky
python-pillow security update
2021-11-09 08:24:34
redhat
redhat
(RHSA-2021:4149) Moderate: python-pillow security update
2021-11-09 08:24:34
(RHSA-2021:3917) Important: Red Hat Quay v3.6.0 security, bug fix and enhancement update
2021-10-19 12:05:33
almalinux
almalinux
Moderate: python-pillow security update
2021-11-09 08:24:34
rosalinux
rosalinux
Advisory ROSA-SA-2021-1957
2021-07-02 18:03:40
JSON
Related for GHSA-JGPV-4H4C-XHW3
veracode1osv8prion1ubuntucve1redhatcve1debiancve1cve1alpinelinux1github1fedora7ubuntu1nessus15suse1gentoo1rocky1redhat2almalinux1rosalinux1