GHSA-4fx9-vc88-q2xc – pillow

Package

Manager: pip
Name: pillow
Vulnerable Version: >=0 <9.0.0

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Infinite loop in Pillow JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder. If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file.

Metadata

Created: 2022-03-11T23:39:27Z
Modified: 2022-03-11T23:39:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-4fx9-vc88-q2xc/GHSA-4fx9-vc88-q2xc.json
CWE IDs: ["CWE-400"]
Alternative ID: N/A
Finding: F067
Auto approve: 1