View all vulnerabilities

CVE-2021-27922

Pillow Uncontrolled Resource Consumption

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
pillow < 8.1.2
Severity
High
Ecosystem
Python
Publish Date
March 18, 2021
Modified Date
August 15, 2025