VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-byj9-fs2s-fua1

Vulnerability ID	VCID-byj9-fs2s-fua1
Aliases	GHSA-jgpv-4h4c-xhw3 GMS-2021-167
Summary	Uncontrolled Resource Consumption in pillow ### Impact _Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large._ ### Patches _An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._ ### Workarounds _An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._ ### References https://nvd.nist.gov/vuln/detail/CVE-2021-27921 ### For more information If you have any questions or comments about this advisory: * Open an issue in [example link to repo](http://example.com) * Email us at [example email address](mailto:example@example.com)
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
cvssv3.1	7.5	https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
cvssv3.1_qr	MODERATE	https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
generic_textual	MODERATE	https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3

Reference id	Reference type	URL
		https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
GHSA-jgpv-4h4c-xhw3		https://github.com/advisories/GHSA-jgpv-4h4c-xhw3

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:49:08.245776+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-jgpv-4h4c-xhw3/GHSA-jgpv-4h4c-xhw3.json	37.0.0