AVG-2150 log
| Package | python-pillow |
| Status | Fixed |
| Severity | Medium |
| Type | arbitrary code execution |
| Affected | 8.2.0-2 |
| Fixed | 8.3.0-1 |
| Current | 11.0.0-1 [extra] |
| Ticket | None |
| Created | Tue Jul 13 18:10:24 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-34552 | Medium | Yes | Arbitrary code execution | Pillow through 8.2.0 allows an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 14 Jul 2021 | ASA-202107-26 | python-pillow | arbitrary code execution |