Describe the security vulnerability (if there is a CVE, include it as a reference)
CWE-400
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Patches
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Workarounds
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-27921
For more information
If you have any questions or comments about this advisory:
Open an issue in example link to repo
Email us at example email address
References
GHSA-jgpv-4h4c-xhw3
Classify the remediation priority according to the severity of the vulnerability
90 days
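
An added example, not part of the original issue or of Pillow's code: a dependency check that flags requirements entries pinning Pillow below 8.1.1, the fixed release named in the description above. The function name, verdict strings and sample file are constructed for illustration; only exact `==` pins are judged, and anything else is reported for manual verification.

```python
import re

FIXED = (8, 1, 1)  # first release without the BLP issue, per the advisory text

# name, optional extras, then the version specifier (if any)
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
# exact pins only: "==8.0.1" or "===8.0.1", purely numeric release segments
_PIN = re.compile(r"^===?\s*([0-9]+(?:\.[0-9]+)*)\s*$")

# Constructed sample requirements file (not taken from any real project)
SAMPLE = """\
# constructed sample
requests==2.31.0
Pillow==8.0.1
pillow==8.1.1  # patched
PILLOW>=6.2
"""


def _normalize(name):
    # PEP 503 normalization: Pillow, pillow and PILLOW name the same project
    return re.sub(r"[-_.]+", "-", name).lower()


def _release(version):
    # Pad short versions so "8.1" becomes (8, 1, 0) before comparing
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_requirements(text):
    """Return (line_number, requirement, verdict) for every Pillow entry."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        line = line.split(";", 1)[0].strip()   # drop environment markers
        if not line or line.startswith("-"):   # skip blanks and pip options
            continue
        match = _REQ.match(line)
        if not match or _normalize(match.group(1)) != "pillow":
            continue
        pin = _PIN.match(match.group(2).strip())
        if pin is None:
            verdict = "unpinned: verify the resolved version"
        elif _release(pin.group(1)) < FIXED:
            verdict = "vulnerable: upgrade to 8.1.1 or later"
        else:
            verdict = "ok"
        findings.append((number, line, verdict))
    return findings
```

A range such as `PILLOW>=6.2` can still resolve to a release before 8.1.1, so the unpinned verdict should be followed up against the lock file or the installed environment.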