Lucene search
Veracode Vulnerability DatabaseVERACODE:30048HistoryApr 20, 2021 - 7:37 a.m.
Denial Of Service (DoS) Via Infinite Loop
2021-04-2007:37:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.003 Low
EPSS
Percentile
71.8%
pillow is vulnerable to denial of service attacks. Lack of necessary checks in FliDecode allow the value of advance to remain zero, triggering an infinite loop.
References
github.com/PrincetonUniversity/PsyNeuLink/pull/1982
github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
github.com/python-pillow/Pillow/pull/5377
lists.debian.org/debian-lts-announce/2021/07/msg00018.html
lists.fedoraproject.org/archives/list/[email protected]/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
security.gentoo.org/glsa/202107-33
Related
github
github
Potential infinite loop in Pillow
2021-06-08 18:48:53
alpinelinux
alpinelinux
CVE-2021-28676
2021-06-02 16:15:08
cnvd
cnvd
Pillow Denial of Service Vulnerability (CNVD-2021-54032)
2021-06-04 00:00:00
osv
osv
PYSEC-2021-92
2021-06-02 16:15:00
BIT-pillow-2021-28676
2024-03-06 11:03:35
Potential infinite loop in Pillow
2021-06-08 18:48:53
debiancve
debiancve
CVE-2021-28676
2021-06-02 16:15:08
redhatcve
redhatcve
CVE-2021-28676
2021-05-11 20:55:30
prion
prion
Code injection
2021-06-02 16:15:00
nvd
nvd
CVE-2021-28676
2021-06-02 16:15:08
cvelist
cvelist
CVE-2021-28676
2021-06-02 00:00:00
cve
cve
CVE-2021-28676
2021-06-02 16:15:08
ubuntucve
ubuntucve
CVE-2021-28676
2021-05-10 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-2345)
2021-09-07 00:00:00
EulerOS Virtualization 3.0.2.0 : python-pillow (EulerOS-SA-2021-2843)
2021-12-29 00:00:00
EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2021-2432)
2021-09-14 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2345)
2021-09-04 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2843)
2021-12-30 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2432)
2021-09-15 00:00:00
amazon
amazon
Important: python-pillow
2022-04-25 22:58:00
Important: python-pillow
2023-06-05 16:39:00
freebsd
freebsd
Pillow -- multiple vulnerabilities
2021-04-01 00:00:00
debian
debian
[SECURITY] [DLA 2716-1] pillow security update
2021-07-22 11:17:53
fedora
fedora
[SECURITY] Fedora 33 Update: python-pillow-7.2.0-6.fc33
2021-06-03 01:01:42
[SECURITY] Fedora 34 Update: python-pillow-8.1.2-3.fc34
2021-05-30 17:30:05
[SECURITY] Fedora 34 Update: mingw-python-pillow-8.1.2-2.fc34
2021-05-30 17:30:05
ubuntu
ubuntu
Pillow vulnerabilities
2021-05-19 00:00:00
mageia
mageia
Updated python-pillow packages fix security vulnerabilities
2021-08-06 12:33:48
gentoo
gentoo
Pillow: Multiple vulnerabilities
2021-07-14 00:00:00
rocky
rocky
python-pillow security update
2021-11-09 08:24:34
redhat
redhat
(RHSA-2021:4149) Moderate: python-pillow security update
2021-11-09 08:24:34
almalinux
almalinux
Moderate: python-pillow security update
2021-11-09 08:24:34