---

CVE-2021-27921 - log back

CVE-2021-27921 edited at 09 Mar 2021 09:14:56
Description	- Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. + Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
References	- https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html + https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973

CVE-2021-27921 edited at 03 Mar 2021 11:03:38
Severity	- Unknown + Low
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	+ Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
References	+ https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Notes

CVE-2021-27921 created at 03 Mar 2021 10:43:53