CVSS2

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

Percentile: 72.0%

python-pillow reports:

This release fixes several vulnerabilities found with OSS-Fuzz.

- CVE-2021-25288: Fix OOB read in Jpeg2KDecode. This dates to Pillow 2.4.0.
- CVE-2021-28675: Fix DOS in PsdImagePlugin. This dates to the PIL fork.
- CVE-2021-28676: Fix FLI DOS. This dates to the PIL fork.
- CVE-2021-28677: Fix EPS DOS on _open. This dates to the PIL fork.
- CVE-2021-28678: Fix BLP DOS. This dates to Pillow 5.1.0.
- Fix memory DOS in ImageFont. This dates to the PIL fork.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py38-pillow | < 8.2.0 | UNKNOWN |