CVE-2021-28677 in Python and Fedora Project Products
Published on June 2, 2021
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
Products Associated with CVE-2021-28677
stack.watch emails you whenever new vulnerabilities are published in Python Pillow or Fedora Project Fedora. Just hit a watch button to start following.
Exploit Probability
EPSS
0.26%
Percentile
49.46%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.