Pillow Denial of Service by Uncontrolled Resource Consumption
High severity
GitHub Reviewed
Published
Mar 18, 2021
to the GitHub Advisory Database
•
Updated Oct 8, 2024
Description
Published by the National Vulnerability Database
Mar 3, 2021
Reviewed
Mar 12, 2021
Published to the GitHub Advisory Database
Mar 18, 2021
Last updated
Oct 8, 2024
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
References