SecuritySpace - CVE-2021-25289

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2021-25289

Description: An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2021-25289
https://security.gentoo.org/glsa/202107-33
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html

CVE ID:	CVE-2021-25289
Description:	An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2021-25289 https://security.gentoo.org/glsa/202107-33 https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html