CVE-2021-27922 in Python and Fedora Project Products
Published on March 3, 2021
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Products Associated with CVE-2021-27922
stack.watch emails you whenever new vulnerabilities are published in Python Pillow or Fedora Project Fedora. Just hit a watch button to start following.
Exploit Probability
EPSS
0.15%
Percentile
34.73%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.