GHSA-4fx9-vc88-q2xc

Source
https://github.com/advisories/GHSA-4fx9-vc88-q2xc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-4fx9-vc88-q2xc/GHSA-4fx9-vc88-q2xc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4fx9-vc88-q2xc
Published
2022-03-11T23:39:27Z
Modified
2024-12-05T05:35:12.297192Z
Summary
Infinite loop in Pillow
Details

JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.

If the EOF marker is not detected as such, however, this could lead to an infinite loop in which JpegImagePlugin keeps trying to end the file.

Database specific
{
    "nvd_published_at": null,
    "github_reviewed_at": "2022-03-11T23:39:27Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "LOW"
}
References

Affected packages

PyPI / pillow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
9.0.0

Affected versions

1.*
1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
2.*
2.0.0
2.1.0
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.4.0
2.5.0
2.5.1
2.5.2
2.5.3
2.6.0
2.6.1
2.6.2
2.7.0
2.8.0
2.8.1
2.8.2
2.9.0
3.*
3.0.0
3.1.0.rc1
3.1.0rc1
3.1.0
3.1.1
3.1.2
3.2.0
3.3.0
3.3.1
3.3.2
3.3.3
3.4.0
3.4.1
3.4.2
4.*
4.0.0
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
5.*
5.0.0
5.1.0
5.2.0
5.3.0
5.4.0.dev0
5.4.0
5.4.1
6.*
6.0.0
6.1.0
6.2.0
6.2.1
6.2.2
7.*
7.0.0
7.1.0
7.1.1
7.1.2
7.2.0
8.*
8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.3.0
8.3.1
8.3.2
8.4.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-4fx9-vc88-q2xc/GHSA-4fx9-vc88-q2xc.json"