Lucene search

K

GoogleOSV:CVE-2021-25292

HistoryMar 19, 2021 - 4:15 a.m.

CVE-2021-25292

2021-03-1904:15:13

Google

osv.dev

10

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

43.1%

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CPENameOperatorVersion
pilloweq4.0.0
pilloweq1.7.6
pilloweq1.7.7
pilloweq2.9.0.dev0
pilloweq7.2.0
py3-pilloweq7.1.1-r0
pilloweq2.0.0
pilloweq2.7.0
pilloweq2.2.2
pilloweq4.0.0a

Rows per page:

1-10 of 501

References

pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html

security.gentoo.org/glsa/202107-33

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

43.1%

Related for OSV:CVE-2021-25292

veracode1 redhatcve1 cnvd1 debiancve1 osv6 github1 ubuntucve1 alpinelinux1 prion1 cve1 nessus14 openvas12 ubuntu1 fedora5 kitploit1 suse1 rocky1 gentoo1 almalinux1 redhat2 rosalinux1