Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References | | |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 |
06 Dec 2021, 18:10
Type | Values Removed | Values Added |
---|---|---|
References | |
23 Mar 2021, 19:48
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
19 Mar 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | |
15 Mar 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | |
09 Mar 2021, 18:09
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html - Release Notes, Vendor Advisory | |
CVSS | v2 : v3 : | v2 : 5.0 v3 : 7.5 |
CWE | CWE-400 | |
CPE | cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:* |
03 Mar 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-03 09:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-27923
Mitre link : CVE-2021-27923
CVE.ORG link : CVE-2021-27923
Products Affected
python
- pillow
fedoraproject
- fedora
CWE
CWE-20
Improper Input Validation