Vulnerabilidade Uncontrolled Resource Consumption #53
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Descreva a vulnerabilidade de segurança (se houver CVE, coloque como
referência)
CWE-400
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Patches
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Workarounds
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-27921
For more information
If you have any questions or comments about this advisory:
Open an issue in example link to repo
Email us at example email address
References
GHSA-jgpv-4h4c-xhw3
Classifique a prioridade de correção, de acordo com a severidade da
vulnerabilidade 90 dias
The text was updated successfully, but these errors were encountered: