Pillow prior to 8.1.1 allows malicious users to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python pillow |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |