CVE-2021-27921 in Python and Fedora Project Products
Published on March 3, 2021
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Products Associated with CVE-2021-27921
stack.watch emails you whenever new vulnerabilities are published in Python Pillow or Fedora Project Fedora. Just hit a watch button to start following.
Vulnerable Packages
The following package name and versions may be associated with CVE-2021-27921
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| pip | pillow | < 8.1.1 | 8.1.2 |
Exploit Probability
EPSS
0.42%
Percentile
61.76%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.