CVE-2021-28677 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-28677 Interim 1 12 2023-02-10T00:51:33Z current 2021-05-30T14:49:14Z 2023-02-10T00:51:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-28677 An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2021-June/008981.html E-Mail link for SUSE-SU-2021:1938-1 https://lists.suse.com/pipermail/sle-security-updates/2021-June/008982.html E-Mail link for SUSE-SU-2021:1939-1 https://lists.suse.com/pipermail/sle-security-updates/2021-June/008989.html E-Mail link for SUSE-SU-2021:1940-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 python-Pillow python-Pillow-2.8.1-4.22.1 python-Pillow-4.2.1-3.14.1 python-Pillow-5.2.0-3.8.1 python-Pillow-4.2.1-3.14.1 as a component of HPE Helion OpenStack 8 python-Pillow-2.8.1-4.22.1 as a component of SUSE OpenStack Cloud 7 python-Pillow-4.2.1-3.14.1 as a component of SUSE OpenStack Cloud 8 python-Pillow-5.2.0-3.8.1 as a component of SUSE OpenStack Cloud 9 python-Pillow-4.2.1-3.14.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-Pillow-5.2.0-3.8.1 as a component of SUSE OpenStack Cloud Crowbar 9 python-Pillow as a component of HPE Helion OpenStack 8 python-Pillow as a component of SUSE OpenStack Cloud 8 python-Pillow as a component of SUSE OpenStack Cloud 9 python-Pillow as a component of SUSE OpenStack Cloud Crowbar 8 python-Pillow as a component of SUSE OpenStack Cloud Crowbar 9 An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. CVE-2021-28677 HPE Helion OpenStack 8:python-Pillow-4.2.1-3.14.1 SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.22.1 SUSE OpenStack Cloud 8:python-Pillow-4.2.1-3.14.1 SUSE OpenStack Cloud 9:python-Pillow-5.2.0-3.8.1 SUSE OpenStack Cloud Crowbar 8:python-Pillow-4.2.1-3.14.1 SUSE OpenStack Cloud Crowbar 9:python-Pillow-5.2.0-3.8.1 HPE Helion OpenStack 8:python-Pillow SUSE OpenStack Cloud 8:python-Pillow SUSE OpenStack Cloud 9:python-Pillow SUSE OpenStack Cloud Crowbar 8:python-Pillow SUSE OpenStack Cloud Crowbar 9:python-Pillow important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H