Pillow Out-of-bounds Read vulnerability
High severity
GitHub Reviewed
Published
Jun 8, 2021
to the GitHub Advisory Database
•
Updated Oct 9, 2024
Description
Published by the National Vulnerability Database
Jun 2, 2021
Reviewed
Jun 3, 2021
Published to the GitHub Advisory Database
Jun 8, 2021
Last updated
Oct 9, 2024
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. This dates to Pillow 2.4.0.
References