Denial of Service Vulnerability in Pillow by Python Imaging Library
CVE-2021-27922
What is CVE-2021-27922?
Pillow, a popular Python imaging library, contains a vulnerability that lets attackers trigger a denial of service (DoS) condition through improper validation of the size of images contained within ICNS files. When an attacker submits an image whose reported size is excessively large, the library may attempt to allocate an immense amount of memory, which can lead to server downtime and degraded performance. The issue shows why applications that rely on image processing need robust size validation checks to prevent resource exhaustion and stay stable.
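The following is an added example, not Pillow's code and not its fix: a pre-filter an upload handler could run before passing an ICNS file to an image library, rejecting containers whose element lengths or embedded PNG dimensions are not credible. The names `check_icns`, `IcnsRejected`, `MAX_PIXELS` and the two sample builders are assumptions made for this sketch, and it inspects only PNG payloads, so other embedded formats pass through unchecked.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 64 * 1024 * 1024  # assumed pixel budget; tune to your workload

class IcnsRejected(ValueError):
    """Raised when a declared size in the container is not credible."""

def check_icns(data: bytes, max_pixels: int = MAX_PIXELS) -> list:
    """Walk the ICNS elements; return [(type, width, height)] for embedded PNGs."""
    if len(data) < 8 or data[:4] != b"icns":
        raise IcnsRejected("not an ICNS container")
    (total,) = struct.unpack(">I", data[4:8])
    if total < 8 or total > len(data):
        raise IcnsRejected("container length does not match bytes received")
    found, pos = [], 8
    while pos < total:
        if total - pos < 8:
            raise IcnsRejected("truncated element header")
        kind, length = struct.unpack(">4sI", data[pos:pos + 8])
        # An element's length field counts its own 8-byte header.
        if length < 8 or length > total - pos:
            raise IcnsRejected(f"element {kind!r} declares {length} bytes")
        body = data[pos + 8:pos + length]
        if body.startswith(PNG_SIG):
            # IHDR is the first chunk: 8 sig + 4 length + 4 type, then width, height.
            if len(body) < 24 or body[12:16] != b"IHDR":
                raise IcnsRejected(f"element {kind!r} has a malformed PNG header")
            width, height = struct.unpack(">II", body[16:24])
            if width == 0 or height == 0 or width * height > max_pixels:
                raise IcnsRejected(f"element {kind!r} declares {width}x{height} pixels")
            found.append((kind.decode("latin-1"), width, height))
        pos += length
    return found

def sample_png_header(width: int, height: int) -> bytes:
    # Constructed sample: PNG signature plus an IHDR chunk (CRC zeroed, no pixel data).
    return PNG_SIG + struct.pack(">I4sIIBBBBBI", 13, b"IHDR", width, height, 8, 6, 0, 0, 0, 0)

def sample_icns(kind: bytes, payload: bytes) -> bytes:
    # Constructed sample: a container holding exactly one element.
    element = struct.pack(">4sI", kind, 8 + len(payload)) + payload
    return struct.pack(">4sI", b"icns", 8 + len(element)) + element
```

A check like this complements, and does not replace, running a patched Pillow release and keeping its decompression-bomb limit enabled.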

