CVE-2021-28677 vulnerability in Python and Other Products
Published on June 2, 2021
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
Products Associated with CVE-2021-28677
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-28677 are published in these products:
Exploit Probability
EPSS
0.27%
Percentile
50.57%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.