CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | LOW |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

EPSS percentile: 69.6%

A vulnerability in the Pillow image library is caused by improper management of internal resources when working with highly compressed GIF data. Exploitation could allow a remote attacker to cause a denial of service by sending a specially crafted GIF file to an application.

A vulnerability in the Pillow image library exists because TiffImagePlugin.py does not limit internal resource consumption when setting up the context for image decoding. Exploitation could allow a remote attacker to exhaust resources by using a large value in the SAMPLESPERPIXEL tag, resulting in a denial of service.

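
A pre-screening check for the SAMPLESPERPIXEL condition described above, added here as an example (it is not code from Pillow or from this advisory): it reads the tag from the TIFF IFD chain so an application can reject a file before handing it to the decoder. The limit of 8, the function names and the sample files are assumptions constructed for illustration.

```python
import struct

SAMPLES_PER_PIXEL = 277  # TIFF 6.0 tag number for SamplesPerPixel
MAX_SAMPLES = 8          # assumed policy limit, not a value from the advisory

def max_samples_per_pixel(data: bytes, max_ifds: int = 64) -> int:
    """Largest SamplesPerPixel across the IFD chain of a classic TIFF (default 1)."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None or len(data) < 8:
        raise ValueError("not a TIFF header")
    magic, ifd = struct.unpack_from(order + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF (BigTIFF is not handled here)")
    seen, worst = set(), 1
    while ifd:  # SubIFDs are not followed, only the main chain
        if ifd in seen or len(seen) >= max_ifds:
            raise ValueError("IFD loop or too many IFDs")
        seen.add(ifd)
        if ifd + 2 > len(data):
            raise ValueError("IFD offset outside file")
        (count,) = struct.unpack_from(order + "H", data, ifd)
        end = ifd + 2 + 12 * count
        if end + 4 > len(data):
            raise ValueError("IFD runs past end of file")
        for pos in range(ifd + 2, end, 12):
            tag, typ, n = struct.unpack_from(order + "HHI", data, pos)
            if tag != SAMPLES_PER_PIXEL:
                continue
            if n != 1 or typ not in (3, 4):  # SHORT or LONG, single value
                raise ValueError("malformed SamplesPerPixel entry")
            fmt = "H" if typ == 3 else "I"
            worst = max(worst, struct.unpack_from(order + fmt, data, pos + 8)[0])
        (ifd,) = struct.unpack_from(order + "I", data, end)
    return worst

def is_acceptable(data: bytes, limit: int = MAX_SAMPLES) -> bool:
    """True only if the file parses and every SamplesPerPixel is within limit."""
    try:
        return max_samples_per_pixel(data) <= limit
    except ValueError:
        return False

def build_tiff(spp: int, order: str = "<", next_ifd: int = 0) -> bytes:
    """Constructed sample: header plus one IFD holding only SamplesPerPixel."""
    bom = b"II" if order == "<" else b"MM"
    entry = struct.pack(order + "HHIHH", SAMPLES_PER_PIXEL, 3, 1, spp, 0)
    return (bom + struct.pack(order + "HI", 42, 8) + struct.pack(order + "H", 1)
            + entry + struct.pack(order + "I", next_ifd))
```

Files that fail to parse are rejected rather than passed through, so a malformed or looping IFD chain cannot be used to skip the check.
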
A vulnerability in the libImaging/TgaRleDecode.c component of the Pillow imaging library is caused by a write beyond buffer boundaries in memory. Exploitation could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | python3-pillow | < 9.4.0-1 | UNKNOWN |