OESA-2021-1127

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1127
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1127.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1127
Upstream
Published
2021-04-07T11:02:47Z
Modified
2025-08-12T05:06:29.432069Z
Summary
python-pillow security update
Details

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift.

Security Fix(es):

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.(CVE-2020-35655)
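
The CVE text above names the failure mode (offset and length tables trusted by the RLE decoder), not the fix. The following is an added example for this page, not Pillow's SgiRleDecode and not a reproduction of its bug: a bounds-checked reader for the 1-byte-per-channel RLE variant of the SGI image format as publicly documented (512-byte big-endian header, then a start table and a length table of 32-bit entries, one pair per scanline, then the run data). Every table entry is checked against the file size and every run against its scanline's declared byte count before any byte is read. The sample images at the bottom are constructed for the example; the exception class and helper names are this example's own.

```python
import struct

HEADER_LEN = 512
SGI_MAGIC = 474


class UntrustedSgi(ValueError):
    """A header, table or run field that would make a naive decoder read out of bounds."""


def parse_header(data):
    """Return (xsize, ysize, zsize) for a 1-byte-per-channel RLE image, else raise."""
    if len(data) < HEADER_LEN:
        raise UntrustedSgi("short header")
    magic, storage, bpc, _dim, xsize, ysize, zsize = struct.unpack(">HBBHHHH", data[:12])
    if magic != SGI_MAGIC:
        raise UntrustedSgi("bad magic")
    if storage != 1 or bpc != 1:
        raise UntrustedSgi("only 1-byte RLE images are handled here")
    if 0 in (xsize, ysize, zsize):
        raise UntrustedSgi("zero-sized image")
    return xsize, ysize, zsize


def expand_rle_row(rle, xsize):
    """Decode one scanline; every read is checked against len(rle) and xsize."""
    out, i = bytearray(), 0
    while True:
        if i >= len(rle):
            raise UntrustedSgi("row ends without terminator")
        byte, i = rle[i], i + 1
        count = byte & 0x7F
        if count == 0:                      # terminator
            break
        if len(out) + count > xsize:
            raise UntrustedSgi("run overflows scanline")
        if byte & 0x80:                     # literal run: the next `count` bytes
            if i + count > len(rle):
                raise UntrustedSgi("literal run reads past row data")
            out += rle[i:i + count]
            i += count
        else:                               # repeat run: one byte repeated `count` times
            if i >= len(rle):
                raise UntrustedSgi("repeat run reads past row data")
            out += bytes([rle[i]]) * count
            i += 1
    if len(out) != xsize:
        raise UntrustedSgi(f"row decoded to {len(out)} bytes, expected {xsize}")
    return bytes(out)


def decode_sgi_rle(data):
    """Return scanlines as a list of bytes in table order (row index = y + z * ysize)."""
    xsize, ysize, zsize = parse_header(data)
    rows = ysize * zsize
    tables_end = HEADER_LEN + 8 * rows
    if tables_end > len(data):
        raise UntrustedSgi("offset/length tables run past end of file")
    starts = struct.unpack(f">{rows}I", data[HEADER_LEN:HEADER_LEN + 4 * rows])
    lengths = struct.unpack(f">{rows}I", data[HEADER_LEN + 4 * rows:tables_end])
    out = []
    for n, (start, length) in enumerate(zip(starts, lengths)):
        # Both tables are attacker-controlled: an entry must point inside the file and
        # past the tables, or a C decoder indexing with it reads foreign memory.
        if start < tables_end or start + length > len(data):
            raise UntrustedSgi(f"row {n}: table entry {start}+{length} outside file")
        out.append(expand_rle_row(data[start:start + length], xsize))
    return out


def rejection_reason(data):
    """None when the file passes all checks, otherwise the reason it was rejected."""
    try:
        decode_sgi_rle(data)
        return None
    except UntrustedSgi as exc:
        return str(exc)


# Constructed samples (4 pixels wide, 2 rows, 1 channel); not real SGI files.
def build_sgi_rle(xsize, rows_rle):
    """Assemble header + tables + payload from already RLE-encoded rows."""
    ysize = len(rows_rle)
    header = struct.pack(">HBBHHHH", SGI_MAGIC, 1, 1, 2, xsize, ysize, 1).ljust(HEADER_LEN, b"\x00")
    starts, lengths, offset = [], [], HEADER_LEN + 8 * ysize
    for r in rows_rle:
        starts.append(offset), lengths.append(len(r))
        offset += len(r)
    tables = struct.pack(f">{ysize}I", *starts) + struct.pack(f">{ysize}I", *lengths)
    return header + tables + b"".join(rows_rle)


GOOD_SGI = build_sgi_rle(4, [b"\x04\xaa\x00", b"\x82\x01\x02\x02\x03\x00"])
# Length table says row 1 is 100 bytes long, far past the end of the file.
BAD_TABLE_SGI = bytearray(GOOD_SGI)
struct.pack_into(">I", BAD_TABLE_SGI, HEADER_LEN + 4 * 2 + 4, 100)
BAD_TABLE_SGI = bytes(BAD_TABLE_SGI)
# Row 0 announces a 4-byte literal run but its table length leaves only 2 bytes.
OVERREAD_SGI = build_sgi_rle(4, [b"\x84\x01\x02", b"\x04\xaa\x00"])
```

In Python a bad slice just comes back short, so `expand_rle_row` checks the run length explicitly rather than relying on slicing; the check sits before the read, which is the property a native decoder must have to avoid the over-read described in the CVE text.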

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.(CVE-2021-27921)

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.(CVE-2021-27922)

Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.(CVE-2021-27923)
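
The three container CVEs share one shape: the container's own directory bounds a frame, but the image embedded in the container carries a second header whose dimensions were allocated for without being checked against anything. The block below is an added example written for this page, not Pillow code and not its 8.1.1 fix: a pre-filter for the ICO case (the layout is the public ICO format: a 6-byte ICONDIR, 16-byte directory entries, then PNG or DIB frames) that checks that each entry lies inside the file, that the inner PNG IHDR or BMP header agrees with the directory entry, and that a frame stays under a pixel budget. The same approach applies to BLP and ICNS with their respective headers. The strict "inner header must equal directory" rule is this example's own policy and may reject icons written by tools with sloppy directories; the pixel budget is the check that matters. The sample files at the bottom are constructed header-only frames, not real icons. The remediation the advisory prescribes is still the package update to 8.1.1-2.oe1.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
ICONDIR_LEN, ENTRY_LEN = 6, 16
MAX_FRAME_PIXELS = 256 * 256  # a directory entry cannot describe more than 256x256


class UntrustedIco(ValueError):
    """Raised for any header field that cannot be trusted."""


def inner_size(blob):
    """(width, height) that the embedded PNG (IHDR) or BMP (DIB header) claims for itself."""
    if blob.startswith(PNG_MAGIC):
        if len(blob) < 24 or blob[12:16] != b"IHDR":
            raise UntrustedIco("truncated or malformed PNG frame")
        return struct.unpack(">II", blob[16:24])
    if len(blob) < 12:
        raise UntrustedIco("truncated BMP frame")
    hdr_len, w, h = struct.unpack("<Iii", blob[:12])
    if hdr_len < 40 or w < 0:
        raise UntrustedIco("malformed DIB header")
    # A DIB inside an ICO stacks the XOR image over the AND mask, so biHeight is
    # twice the icon height; a negative value only flips the row order.
    return w, abs(h) // 2


def check_ico(data, max_pixels=MAX_FRAME_PIXELS):
    """Validate every frame's headers; return [(width, height), ...] or raise UntrustedIco."""
    if len(data) < ICONDIR_LEN:
        raise UntrustedIco("no ICONDIR")
    reserved, kind, count = struct.unpack("<HHH", data[:ICONDIR_LEN])
    if reserved != 0 or kind not in (1, 2) or count == 0:
        raise UntrustedIco("bad ICONDIR")
    dir_end = ICONDIR_LEN + ENTRY_LEN * count
    if dir_end > len(data):
        raise UntrustedIco("directory runs past end of file")
    frames = []
    for n in range(count):
        entry = data[ICONDIR_LEN + ENTRY_LEN * n:ICONDIR_LEN + ENTRY_LEN * (n + 1)]
        w8, h8, _colors, _rsv, _planes, _bpp, size, offset = struct.unpack("<BBBBHHII", entry)
        w, h = (w8 or 256), (h8 or 256)  # 0 encodes 256 in the directory
        # 1. offset/size must stay inside the file: no read past the buffer.
        if offset < dir_end or offset + size > len(data):
            raise UntrustedIco(f"frame {n}: offset/size outside file")
        iw, ih = inner_size(data[offset:offset + size])
        # 2. The directory caps a frame at 256x256, so a huge allocation can only come
        #    from the inner header; require the two to agree (policy choice, see above).
        if (iw, ih) != (w, h):
            raise UntrustedIco(f"frame {n}: inner header {iw}x{ih} != directory {w}x{h}")
        # 3. Pixel budget that does not depend on what any header says.
        if iw * ih > max_pixels:
            raise UntrustedIco(f"frame {n}: {iw * ih} pixels exceeds budget {max_pixels}")
        frames.append((iw, ih))
    return frames


def is_safe_ico(data, max_pixels=MAX_FRAME_PIXELS):
    """True if check_ico accepts the file; use before handing untrusted data to a decoder."""
    try:
        check_ico(data, max_pixels)
        return True
    except UntrustedIco:
        return False


# Constructed inputs: header-only frames, not real icons.
def png_frame(w, h):
    """PNG signature + IHDR claiming w x h; CRC left as zeros (not verified here)."""
    ihdr = struct.pack(">II", w, h) + b"\x08\x06\x00\x00\x00"
    return PNG_MAGIC + struct.pack(">I", 13) + b"IHDR" + ihdr + b"\x00" * 4


def dib_frame(w, h):
    """40-byte BITMAPINFOHEADER as stored in an ICO: height doubled for the AND mask."""
    return struct.pack("<IiiHHIIiiII", 40, w, 2 * h, 1, 32, 0, 0, 0, 0, 0, 0)


def make_ico(frames):
    """Build ICONDIR + entries + frame blobs from [(dir_w, dir_h, blob), ...]."""
    count = len(frames)
    offset = ICONDIR_LEN + ENTRY_LEN * count
    entries, blobs = b"", b""
    for w, h, blob in frames:
        entries += struct.pack("<BBBBHHII", w % 256, h % 256, 0, 0, 1, 32, len(blob), offset)
        blobs += blob
        offset += len(blob)
    return struct.pack("<HHH", 0, 1, count) + entries + blobs


GOOD_ICO = make_ico([(16, 16, png_frame(16, 16)), (32, 32, dib_frame(32, 32))])
# Directory says 16x16, inner PNG claims 65535x65535 (about 4 Gpx): the shape of CVE-2021-27923.
BOMB_ICO = make_ico([(16, 16, png_frame(0xFFFF, 0xFFFF))])
# bytesInRes points past the end of the buffer.
TRUNCATED_ICO = make_ico([(16, 16, png_frame(16, 16))])[:-8]
```

Run `check_ico` on bytes read from disk before calling the image library; for the other two containers swap in the BLP or ICNS directory layout and keep checks 1 and 3 unchanged.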

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS / python-pillow

Package

Name
python-pillow
Purl
pkg:rpm/openEuler/python-pillow&distro=openEuler-20.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version: all previous versions are affected)
Fixed
8.1.1-2.oe1

Ecosystem specific

{
    "x86_64": [
        "python3-pillow-devel-5.3.0-13.oe1.x86_64.rpm",
        "python2-pillow-5.3.0-13.oe1.x86_64.rpm",
        "python3-pillow-5.3.0-13.oe1.x86_64.rpm",
        "python-pillow-debuginfo-5.3.0-13.oe1.x86_64.rpm",
        "python2-pillow-devel-5.3.0-13.oe1.x86_64.rpm",
        "python-pillow-debugsource-5.3.0-13.oe1.x86_64.rpm",
        "python3-pillow-qt-8.1.1-2.oe1.x86_64.rpm",
        "python3-pillow-tk-8.1.1-2.oe1.x86_64.rpm",
        "python3-pillow-8.1.1-2.oe1.x86_64.rpm",
        "python-pillow-debuginfo-8.1.1-2.oe1.x86_64.rpm",
        "python3-pillow-devel-8.1.1-2.oe1.x86_64.rpm",
        "python-pillow-debugsource-8.1.1-2.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "python-pillow-debugsource-5.3.0-13.oe1.aarch64.rpm",
        "python-pillow-debuginfo-5.3.0-13.oe1.aarch64.rpm",
        "python2-pillow-devel-5.3.0-13.oe1.aarch64.rpm",
        "python3-pillow-devel-5.3.0-13.oe1.aarch64.rpm",
        "python3-pillow-5.3.0-13.oe1.aarch64.rpm",
        "python2-pillow-5.3.0-13.oe1.aarch64.rpm",
        "python-pillow-debuginfo-8.1.1-2.oe1.aarch64.rpm",
        "python-pillow-debugsource-8.1.1-2.oe1.aarch64.rpm",
        "python3-pillow-devel-8.1.1-2.oe1.aarch64.rpm",
        "python3-pillow-qt-8.1.1-2.oe1.aarch64.rpm",
        "python3-pillow-tk-8.1.1-2.oe1.aarch64.rpm",
        "python3-pillow-8.1.1-2.oe1.aarch64.rpm"
    ],
    "src": [
        "python-pillow-5.3.0-13.oe1.src.rpm",
        "python-pillow-8.1.1-2.oe1.src.rpm"
    ],
    "noarch": [
        "python3-pillow-help-5.3.0-13.oe1.noarch.rpm",
        "python2-pillow-help-5.3.0-13.oe1.noarch.rpm",
        "python3-pillow-help-8.1.1-2.oe1.noarch.rpm"
    ]
}
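
The affected range above is expressed in rpm version terms (introduced 0, fixed 8.1.1-2.oe1), so deciding whether a given build is inside it needs rpm's own ordering rules, not string or float comparison. The block below is an added example for this page, not openEuler or OSV tooling: a Python port of rpm's rpmvercmp() segment comparison, an epoch:version-release comparison on top of it, and two ways to feed it, from the RPM filenames in the listing above and from `rpm -q` on a host. The `--qf` format and rpm's "(none)" output for an unset epoch are real rpm behaviour; the function and constant names are this example's own.

```python
import re
import string
import subprocess

FIXED_EVR = "8.1.1-2.oe1"          # the "Fixed" event of this advisory (no epoch given)
KEEP = set(string.ascii_letters + string.digits + "~^")  # everything else is a separator


def rpmvercmp(a, b):
    """Segment-wise comparison with rpm's rpmvercmp() rules: returns -1, 0 or 1."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in KEEP:
            i += 1
        while j < len(b) and b[j] not in KEEP:
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":          # '~' sorts before anything, even end of string
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":          # '^' sorts after the base, before other suffixes
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        isnum = ca in string.digits         # segment type is decided by the left side
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        sb = mb.group(0) if mb else ""
        i, j = i + len(sa), j + len(sb)
        if not sb:                          # different segment types: numeric is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):          # more digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1         # whichever side still has characters wins


def parse_evr(evr):
    """'[epoch:]version-release' -> (epoch, version, release); rpm prints '(none)' for no epoch."""
    epoch, _, rest = evr.rpartition(":")
    epoch = 0 if epoch in ("", "(none)") else int(epoch)
    version, _, release = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return epoch, version, release


def evrcmp(a, b):
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_affected(evr, fixed=FIXED_EVR):
    """OSV range semantics: introduced '0' covers every version below the fixed one."""
    return evrcmp(evr, fixed) < 0


def nevra_from_filename(fn):
    """'name-version-release.arch.rpm' -> (name, version, release, arch)."""
    stem = fn[:-4] if fn.endswith(".rpm") else fn
    rest, _, arch = stem.rpartition(".")
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch


def affected_in_listing(filenames):
    """Map each listed RPM filename to True (inside the affected range) or False."""
    result = {}
    for fn in filenames:
        _name, version, release, _arch = nevra_from_filename(fn)
        result[fn] = is_affected(f"{version}-{release}")
    return result


def installed_evr(package="python3-pillow"):
    """EVR of the installed package via rpm, or None if rpm or the package is absent."""
    try:
        proc = subprocess.run(["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}", package],
                              capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return proc.stdout.strip() if proc.returncode == 0 else None


# Two filenames taken from the ecosystem-specific listing of this advisory.
LISTED = ["python3-pillow-5.3.0-13.oe1.x86_64.rpm", "python3-pillow-8.1.1-2.oe1.aarch64.rpm"]

if __name__ == "__main__":
    for fn, hit in affected_in_listing(LISTED).items():
        print(fn, "AFFECTED" if hit else "fixed")
    evr = installed_evr()
    if evr is not None:
        print("installed python3-pillow", evr, "AFFECTED" if is_affected(evr) else "fixed")
```

The listing above carries both the old 5.3.0-13.oe1 and the fixed 8.1.1-2.oe1 builds; the filename path classifies them without touching a host, while `installed_evr` answers the question for the machine the script runs on.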