Moole Vulnerability Database

Find real vulnerabilities before they ship

Critical

CVE-2021-25288

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.

VectorNETWORK

PublishedJun 02, 2021, 16:15

Published Bycve@mitre.org

Base Score

Score9.1

Package (Ecosystem)IntroducedFixedLimit

pillow(PyPI)2.4.08.2.0N/A

CWE-125

Base Score

9.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Base SeverityCritical

Version

3.1

Attack Vector (AV)

NETWORK