CVE-2021-25292

Опубликовано: 19 мар. 2021

Источник: debian

EPSS Низкий

Описание

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pillow	fixed	8.1.1-1		package
pillow	fixed	5.4.1-2+deb10u3	buster	package
pillow	not-affected		stretch	package

Примечания

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
Introduced in: https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4 (5.1.0)

EPSS

Процентиль: 35%

0.00147

Низкий

Связанные уязвимости

CVE-2021-25292

CVSS3: 6.5

ubuntu

почти 5 лет назад

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CVE-2021-25292

CVSS3: 7.5

redhat

почти 5 лет назад

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CVE-2021-25292

CVSS3: 6.5

nvd

почти 5 лет назад

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

GHSA-9hx2-hgq2-2g4f

CVSS3: 6.5

github

почти 5 лет назад

Regular Expression Denial of Service (ReDoS) in Pillow

SUSE-SU-2024:1673-2

suse-cvrf

больше 1 года назад

Security update for python-Pillow

EPSS

Процентиль: 35%

0.00147

Низкий