You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
Descreva a vulnerabilidade de segurança (se houver CVE, coloque como
referência)
CVE-2021-28678
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-28678
python-pillow/Pillow#5377
python-pillow/Pillow@496245a
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://security.gentoo.org/glsa/202107-33
Classifique a prioridade de correção, de acordo com a severidade da
vulnerabilidade 90 dias
The text was updated successfully, but these errors were encountered: