Showing 1 - 3 of 3

CVE-2021-28677

Status Candidate

Overview

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.

Related Files

Red Hat Security Advisory 2021-4149-03: Posted Nov 10, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-4149-03 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include buffer over-read, buffer overflow, denial of service, and out of bounds read vulnerabilities.; tags | advisory, denial of service, overflow, vulnerability, python; systems | linux, redhat; advisories | CVE-2020-35653, CVE-2020-35655, CVE-2021-25287, CVE-2021-25288, CVE-2021-25290, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-28675, CVE-2021-28676, CVE-2021-28677, CVE-2021-28678, CVE-2021-34552; SHA-256 | 2805a8b0b24491d46cede2f8a3bbcc386153411f2026d13a54bf69003bb81442; Download | Favorite | View

Gentoo Linux Security Advisory 202107-33: Posted Jul 14, 2021; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202107-33 - Multiple vulnerabilities have been found in Pillow, the worst of which could result in a Denial of Service condition. Versions less than 8.2.0 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2021-25287, CVE-2021-25288, CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-28675, CVE-2021-28676, CVE-2021-28677, CVE-2021-28678; SHA-256 | 26dda539c7762b5ab4e6b5ee029356b95a444412d1cf068eadfa5fafec5b0726; Download | Favorite | View

Ubuntu Security Notice USN-4963-1: Posted May 19, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4963-1 - It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash or hand, resulting in a denial of service.; tags | advisory, remote, denial of service; systems | linux, ubuntu; advisories | CVE-2021-25287, CVE-2021-28677; SHA-256 | de48f52465aebb0c8431e57aeef88d011c83a7e40d78e098fcc06fe86b4d7706; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 85 files
indoushka 77 files
Jasper Nota 25 files
Gentoo 22 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,553)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,689)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,482)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,736)
UNIX (9,435)
UnixWare (187)
Windows (6,671)
Other

CVE-2021-28677

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems