Seal Security

CVE-2021-28675

Pillow denial of service

An issue was discovered in Pillow before 8.2.0. `PSDImagePlugin.PsdImageFile` lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on `Image.open` prior to `Image.load`.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

5.4

Score Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Versions

pillow < 8.2.0

Severity

Medium

Ecosystem

Python

Publish Date

June 8, 2021

Modified Date

October 9, 2024