FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Pillow -- multiple vulnerabilities

Affected packages
		py38-pillow	<	8.2.0

Details

VuXML ID	f947aa26-b2f9-11eb-a5f7-a0f3c100ae18
Discovery	2021-04-01
Entry	2021-05-12

python-pillow reports:

This release fixes several vulnerabilities found with `OSS-Fuzz`.

`CVE-2021-25288`: Fix OOB read in Jpeg2KDecode. This dates to Pillow 2.4.0.

`CVE-2021-28675`: Fix DOS in PsdImagePlugin. This dates to the PIL fork.

`CVE-2021-28676`: Fix FLI DOS. This dates to the PIL fork.

`CVE-2021-28677`: Fix EPS DOS on _open. This dates to the PIL fork.

`CVE-2021-28678`: Fix BLP DOS. This dates to Pillow 5.1.0.

Fix memory DOS in ImageFont. This dates to the PIL fork.

[source]

References

CVE Name	CVE-2021-25288
CVE Name	CVE-2021-28675
CVE Name	CVE-2021-28676
CVE Name	CVE-2021-28677
CVE Name	CVE-2021-28678