CVE-2021-28678: Insufficient Verification of Data Authenticity
An issue was discovered in Pillow. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
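The following added example (not Pillow's code and not part of the original advisory) shows the general bug class: a loop that seeks to offsets from a table and decodes whatever the read returns, next to a variant that rejects short reads. The names `read_exact`, `decode_blocks`, `build_sample` and `TruncatedData` and the sample input are constructed for illustration.

```python
import io


class TruncatedData(Exception):
    """Raised when a read returns fewer bytes than requested."""


def read_exact(fp, length):
    """Read exactly `length` bytes or fail; never pass short data to a decoder."""
    data = fp.read(length)
    if len(data) != length:
        raise TruncatedData(f"wanted {length} bytes, got {len(data)}")
    return data


def decode_blocks(fp, table, checked):
    """Seek to each (offset, length) entry and run a stand-in decode pass.

    Returns the number of passes run. With checked=False, a seek past the end
    of the file makes read() return b"" and the loop still runs one pass per
    table entry, which is the wasted work the advisory describes.
    """
    passes = 0
    for offset, length in table:
        fp.seek(offset)
        data = read_exact(fp, length) if checked else fp.read(length)
        _ = sum(data)  # hypothetical per-block decoder work
        passes += 1
    return passes


def build_sample():
    """Constructed input: 16 payload bytes, 1000 table entries, 999 past EOF."""
    payload = bytes(range(16))
    table = [(0, 16)] + [(10_000 + i, 16) for i in range(999)]
    return io.BytesIO(payload), table


if __name__ == "__main__":
    fp, table = build_sample()
    print("unchecked passes:", decode_blocks(fp, table, checked=False))
    fp, table = build_sample()
    try:
        decode_blocks(fp, table, checked=True)
    except TruncatedData as exc:
        print("checked read rejected the file:", exc)
```
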