Published: 02/06/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue exists in Pillow prior to 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python pillow
fedoraproject fedora 33

Debian Bug report logs - #989062 CVE-2021-25287 CVE-2021-25288 CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 CVE-2021-28678 Package: src:pillow; Maintainer for src:pillow is Matthias Klose <doko@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 24 May 2021 20:57:04 UTC Severity: important Tags: ...

An issue was discovered in Pillow before 820 PSDImagePluginPsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block This could lead to a DoS on Imageopen prior to Imageload (CVE-2021-28675) ...

CWE-252 https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin https://security.gentoo.org/glsa/202107-33 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-2105.html

CVE-2021-28675

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect