Buffer Overflow Vulnerability in Python Imaging Library by Pillow
CVE-2021-34552

9.8CRITICAL

Key Information:

Vendor: Python
Status: Pillow
Vendor: CVE Published:; 13 July 2021

What is CVE-2021-34552?

The Pillow and Python Imaging Library (PIL) prior to version 8.3.0 contain a buffer overflow vulnerability in the 'convert' function. Attackers can exploit this by supplying specially crafted parameters, potentially leading to memory corruption or execution of arbitrary code. This poses a significant risk as it could allow unauthorized actions on affected systems, making it crucial for users to upgrade to the latest versions to mitigate these risks.

References

https://pillow.readthedocs.io/en/stable/releasenotes/inde...

https://pillow.readthedocs.io/en/stable/releasenotes/8.3....

https://lists.debian.org/debian-lts-announce/2021/07/msg0...

mailing-list

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Jun 10, 2021