PYSEC-2021-38 — Vulnetix

PYSEC-2021-38 PUBLISHED CVSS 8.699999809265137 HIGH

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	pillow	0, 1.0, 1.1

Timeline

Mar 19, 2021 CVE Published
Dec 6, 2023 CVE Updated

References

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html url
https://github.com/advisories/GHSA-9hx2-hgq2-2g4f advisory

Open in Interactive Console →