CVE-2021-25292

Published: 28 Feb 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.

Mitigation

Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.

Affected packages

Platform                    | Package          | Status               | Advisory        | Release date
Red Hat Enterprise Linux 7  | python-pillow    | Out of support scope |                 |
Red Hat Enterprise Linux 9  | python-pillow    | Affected             |                 |
Red Hat Enterprise Linux 8  | python-pillow    | Fixed                | RHSA-2021:4149  | 09.11.2021
Red Hat Quay 3              | quay/quay-rhel8  | Fixed                | RHSA-2021:3917  | 19.10.2021
Additional information

Severity: Moderate
Weakness: CWE-20
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1934699 (python-pillow: Regular expression DoS in PDF format parser)

EPSS
Score: 0.00147 (Low)
Percentile: 35%

CVSS3
7.5 High

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 5 years ago

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CVSS3: 6.5
nvd
almost 5 years ago

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CVSS3: 6.5
debian
almost 5 years ago

An issue was discovered in Pillow before 8.1.1. The PDF parser allows ...

CVSS3: 6.5
github
almost 5 years ago

Regular Expression Denial of Service (ReDoS) in Pillow

suse-cvrf
more than 1 year ago

Security update for python-Pillow