An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "python-pil", "binary_version": "5.1.0-1ubuntu0.5" }, { "binary_name": "python-pil-dbg", "binary_version": "5.1.0-1ubuntu0.5" }, { "binary_name": "python-pil-doc", "binary_version": "5.1.0-1ubuntu0.5" }, { "binary_name": "python-pil.imagetk", "binary_version": "5.1.0-1ubuntu0.5" }, { "binary_name": "python-pil.imagetk-dbg", "binary_version": "5.1.0-1ubuntu0.5" }, { "binary_name": "python3-pil", "binary_version": "5.1.0-1ubuntu0.5" }, { "binary_name": "python3-pil-dbg", "binary_version": "5.1.0-1ubuntu0.5" }, { "binary_name": "python3-pil.imagetk", "binary_version": "5.1.0-1ubuntu0.5" }, { "binary_name": "python3-pil.imagetk-dbg", "binary_version": "5.1.0-1ubuntu0.5" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "python-pil-doc", "binary_version": "7.0.0-4ubuntu0.3" }, { "binary_name": "python3-pil", "binary_version": "7.0.0-4ubuntu0.3" }, { "binary_name": "python3-pil-dbg", "binary_version": "7.0.0-4ubuntu0.3" }, { "binary_name": "python3-pil.imagetk", "binary_version": "7.0.0-4ubuntu0.3" }, { "binary_name": "python3-pil.imagetk-dbg", "binary_version": "7.0.0-4ubuntu0.3" } ] }