CVE-2021-25290

CVE-2021-25290

EPSS 2.4%

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html https://security.gentoo.org/glsa/202107-33