Search for vulnerabilities
Vulnerability details: VCID-4qfp-jk4u-aaaf
Vulnerability ID VCID-4qfp-jk4u-aaaf
Aliases GHSA-4fx9-vc88-q2xc
GMS-2022-347
Summary Infinite loop in Pillow
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-400 Uncontrolled Resource Consumption
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1_qr LOW https://github.com/advisories/GHSA-4fx9-vc88-q2xc
cvssv3.1 6.7 https://github.com/python-pillow/Pillow
generic_textual MODERATE https://github.com/python-pillow/Pillow
generic_textual LOW https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
generic_textual LOW https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
Reference id Reference type URL
https://github.com/python-pillow/Pillow
https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
GHSA-4fx9-vc88-q2xc https://github.com/advisories/GHSA-4fx9-vc88-q2xc
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/python-pillow/Pillow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
There are no relevant records.