Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
{ "cwe_ids": [ "CWE-400" ], "github_reviewed_at": "2021-03-12T23:37:20Z", "github_reviewed": true, "nvd_published_at": "2021-03-03T09:15:00Z", "severity": "HIGH" }