Pillow up to and including 8.2.0 and PIL (aka Python Imaging Library) up to and including 1.1.7 allow an malicious user to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python pillow |
||
debian debian linux 9.0 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |