CVE-2021-23437

Out-of-bounds Read in pypi/Pillow

Identifier

CVE-2021-23437

Package Slug

pypi/Pillow

Vulnerability

Out-of-bounds Read

Description

The Pillow package is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

Affected Versions

All versions before 8.3.2

Solution

Upgrade to version 8.3.2 or above.

Last Modified

2021-09-13
