CVE-2021-25289

Click the icon to Follow me:- twitterTelegramRedditDiscord

Summary:

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.

Reference Links(if available):

  • https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)