CVE-2021-34552

Buffer Overflow in pypi/Pillow

Identifiers

CVE-2021-34552

Package Slug

pypi/Pillow

Vulnerability

Buffer Overflow

Description

Pillow and PIL (aka Python Imaging Library) allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

Affected Versions

All versions starting from 1.0 up to 1.1.7, all versions starting from 1.2 up to 8.2.0

Solution

Upgrade to version 8.3.0 or above.

Last Modified

2021-07-17
