Safety vulnerability ID: 40593
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Pillow 8.2.0 includes a fix for CVE-2021-25288: There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
Latest version: 11.0.0
Python Imaging Library (Fork)
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. See CVE-2021-25288.
FEDORA:FEDORA-2021-77756994ba: https://lists.fedoraproject.org/archives/list/[email protected]/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
MISC:https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470: https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
MISC:https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application