Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "5.1.0-1ubuntu0.5", "binary_name": "python-pil" }, { "binary_version": "5.1.0-1ubuntu0.5", "binary_name": "python-pil-dbg" }, { "binary_version": "5.1.0-1ubuntu0.5", "binary_name": "python-pil-doc" }, { "binary_version": "5.1.0-1ubuntu0.5", "binary_name": "python-pil.imagetk" }, { "binary_version": "5.1.0-1ubuntu0.5", "binary_name": "python-pil.imagetk-dbg" }, { "binary_version": "5.1.0-1ubuntu0.5", "binary_name": "python3-pil" }, { "binary_version": "5.1.0-1ubuntu0.5", "binary_name": "python3-pil-dbg" }, { "binary_version": "5.1.0-1ubuntu0.5", "binary_name": "python3-pil.imagetk" }, { "binary_version": "5.1.0-1ubuntu0.5", "binary_name": "python3-pil.imagetk-dbg" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "7.0.0-4ubuntu0.3", "binary_name": "python-pil-doc" }, { "binary_version": "7.0.0-4ubuntu0.3", "binary_name": "python3-pil" }, { "binary_version": "7.0.0-4ubuntu0.3", "binary_name": "python3-pil-dbg" }, { "binary_version": "7.0.0-4ubuntu0.3", "binary_name": "python3-pil.imagetk" }, { "binary_version": "7.0.0-4ubuntu0.3", "binary_name": "python3-pil.imagetk-dbg" } ] }