Описание
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Отчет
Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | python-pillow | Out of support scope | ||
| Red Hat Enterprise Linux 9 | python-pillow | Affected | ||
| Red Hat Enterprise Linux 8 | python-pillow | Fixed | RHSA-2021:4149 | 09.11.2021 |
| Red Hat Quay 3 | quay/quay-rhel8 | Fixed | RHSA-2021:3917 | 19.10.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Pillow before 8.1.2 allows attackers to cause a denial of service (mem ...
EPSS
7.5 High
CVSS3