ALAS2-2020-1412 --- python-pillowID: oval:org.secpod.oval:def:1700323 | Date: (C)2020-04-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a long time while processing specially crafted image files, possibly causing a denial of service. Applications that use the library to process untrusted files may be vulnerable to this flaw. A flaw was discovered in python-pillow where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system