Vulnerability Description
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python | Pillow | < 8.2.0 |
| Fedoraproject | Fedora | 33 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fVendor Advisory
- https://security.gentoo.org/glsa/202107-33Third Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fVendor Advisory
- https://security.gentoo.org/glsa/202107-33Third Party Advisory
FAQ
What is CVE-2021-28675?
CVE-2021-28675 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Imag...
How severe is CVE-2021-28675?
CVE-2021-28675 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28675?
Check the references section above for vendor advisories and patch information. Affected products include: Python Pillow, Fedoraproject Fedora.