
exploitDog


CVE-2021-28678

Published: 02 Jun 2021
Source: ubuntu
Priority: low
EPSS: Low
CVSS2: 4.3
CVSS3: 5.5

Description

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

| Release | Status | Note |
|---|---|---|
| bionic | released | 5.1.0-1ubuntu0.6 |
| devel | released | 8.1.2+dfsg-0.1ubuntu1 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | released | 5.1.0-1ubuntu0.6 |
| esm-infra/focal | released | 7.0.0-4ubuntu0.4 |
| esm-infra/xenial | needs-triage | |
| focal | released | 7.0.0-4ubuntu0.4 |
| groovy | released | 7.2.0-1ubuntu0.3 |
| hirsute | released | 8.1.2-1ubuntu0.1 |
| impish | released | 8.1.2+dfsg-0.1ubuntu1 |


| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/focal | needs-triage | |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needs-triage |
| groovy | ignored | end of life |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |


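| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |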


EPSS

Percentile: 30%
0.0011
Low

CVSS2: 4.3 Medium

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 7.5
redhat
almost 5 years ago

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

CVSS3: 5.5
nvd
more than 4 years ago

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

CVSS3: 5.5
debian
more than 4 years ago

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...

CVSS3: 5.5
github
more than 4 years ago

Insufficient Verification of Data Authenticity in Pillow

suse-cvrf
more than 1 year ago

Security update for python-Pillow
