PYSEC-2021-42
Pillow before 8.1.1 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large...