CVE-2021-27922 - log

CVE-2021-27922 edited at 09 Mar 2021 09:15:11
Description
- Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
+ Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
References
- https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+ https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
CVE-2021-27922 edited at 03 Mar 2021 11:04:06
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
References
+ https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Notes
CVE-2021-27922 created at 03 Mar 2021 10:43:53