漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Pillow: Decompression Bomb DoS via PdfParser.PdfStream.decode()
Vulnerability Description
Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding the decompressed output size, allowing a crafted FlateDecode PDF stream to exhaust memory from a small file. This issue is fixed in version 12.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
python-pillow Pillow 资源管理错误漏洞
Vulnerability Description
python-pillow Pillow是python-pillow的图像处理库。 python-pillow Pillow 5.1.0版本至12.3.0之前版本存在资源管理错误漏洞,该漏洞源于PdfParser.PdfStream.decode()函数调用zlib.decompress()时未限制解压输出大小,允许特制的FlateDecode PDF流从较小的文件中耗尽内存。
CVSS Information
N/A
Vulnerability Type
N/A