CVE-2021-23437

Out-of-bounds Read in pypi/Pillow

Identifiers

CVE-2021-23437

Package Slug

pypi/Pillow

Vulnerability

Out-of-bounds Read

Description

The Pillow package is vulnerable to Regular Expression Denial of Service (ReDoS) via the `getrgb` function.

Affected Versions

All versions from 5.2.0 up to, but not including, 8.3.2

Solution

Upgrade to version 8.3.2 or above.

Last Modified

2021-09-13
