VDB
BDU:2022-02242
PUBLISHED
CVSS 7.8 HIGH
Vulnerability in the getrgb function of the Pillow raster graphics library that allows an attacker to cause a denial of service
Risk Scores
CVSS 2.0
7.8
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Free software community, Canonical Ltd., Red Hat Inc., Fedora Project, LLC "RusBITech-Astra", Uploadcare, LLC, JSC "NPPKT", JSC "IVK" | Debian GNU/Linux, Ubuntu, Red Hat Quay, Fedora, Astra Linux Special Edition (entry No. 369 in the Unified Register of Russian Software), Pillow, OSON OSnova Onyx (entry No. 5913 in the Unified Register of Russian Software), ALT SP 10 | |
Exploit Intelligence
- https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b (circl)
- https://nvd.nist.gov/vuln/detail/CVE-2021-23437 (circl)
- https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html (circl)
- https://security-tracker.debian.org/tracker/CVE-2021-23437 (circl)
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443 (circl)
- https://ubuntu.com/security/notices/USN-5227-1 (circl)
- https://ubuntu.com/security/notices/USN-5227-2 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/ (circl)
- https://access.redhat.com/security/cve/CVE-2021-23437 (circl)
…and 5 more exploits
Timeline
- Apr 14, 2022 CVE Published
- May 5, 2025 CVE Updated
- Mar 19, 2026 Distribution Patch
- Mar 19, 2026 Distribution Patch
- Mar 19, 2026 Security Advisory
- Mar 19, 2026 Security Advisory
References
- https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b url
- https://nvd.nist.gov/vuln/detail/CVE-2021-23437 url
- https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html url
- https://security-tracker.debian.org/tracker/CVE-2021-23437 url
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443 url
- https://ubuntu.com/security/notices/USN-5227-1 url
- https://ubuntu.com/security/notices/USN-5227-2 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/ url
- https://access.redhat.com/security/cve/CVE-2021-23437 url
- https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.3/ url
- https://altsp.su/obnovleniya-bezopasnosti/ url
- https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17 url
- https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE72 url
- https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47 advisory