Vulnerabilities

CVE-2021-28678

by Fred · 02/06/2021

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

Date published : 2021-06-02

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/

https://security.gentoo.org/glsa/202107-33

Similar

Tags: Cybersecurity Alert