Out-of-Bounds Read Vulnerability in Pillow by the Python Imaging Library
CVE-2021-25293

7.5HIGH

Key Information:

Vendor: Python
Status: Pillow
Vendor: CVE Published:; 19 March 2021

What is CVE-2021-25293?

An issue has been identified in the Pillow library that allows for an out-of-bounds read operation, potentially leading to unintended memory access. This vulnerability affects versions before 8.1.1 and poses risks related to data integrity and application stability. Users are strongly encouraged to upgrade to the latest version to mitigate potential exploits. For detailed release notes, refer to the official Pillow documentation and Gentoo security advisory.

References

https://pillow.readthedocs.io/en/stable/releasenotes/8.1....

x_refsource_MISC

https://security.gentoo.org/glsa/202107-33

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2021
Vulnerability Reserved
Jan 17, 2021