Infinite loop in Pillow

Low severity • GitHub Reviewed • Published Mar 11, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

Pillow (pip)

Affected versions

< 9.0.0

Patched versions

9.0.0

Description

JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.

If the EOF marker is not detected as such, however, this could lead to an infinite loop in which JpegImagePlugin keeps trying to end the file.
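
A simplified model of the loop described above, added here as an illustration; it is not Pillow's code. `TruncatedReader`, `decode`, `one_shot`, `max_reads` and the sample bytes are hypothetical, and the one-shot guard is an assumed way to bound the loop, not a description of the change in 9.0.0.

```python
import io

EOI = b"\xff\xd9"  # JPEG end-of-image marker, the advisory's "EOF marker"

# Constructed sample: start-of-image marker plus payload, cut off before EOI.
SAMPLE = b"\xff\xd8" + b"\x00" * 100


class TruncatedReader:
    """Hypothetical read hook that fakes a terminator on premature end of data."""

    def __init__(self, data, one_shot):
        self.fp = io.BytesIO(data)
        self.one_shot = one_shot  # assumed guard: fake the marker only once
        self.ended = False

    def read(self, n):
        chunk = self.fp.read(n)
        if chunk:
            return chunk
        if self.one_shot and self.ended:
            return b""  # marker already supplied: report the real end of data
        self.ended = True
        return EOI  # premature end: append a marker so the last segment is decoded


def decode(reader, recognises_eoi, max_reads=1000):
    """Toy decoder loop; returns (outcome, number of reads performed).

    max_reads stands in for "forever" so the unguarded case terminates here.
    """
    for reads in range(1, max_reads + 1):
        chunk = reader.read(4096)
        if not chunk:
            return ("truncated", reads)  # reader gave up; caller can raise an error
        if recognises_eoi and chunk.endswith(EOI):
            return ("ended", reads)  # marker detected, decoding finishes normally
    return ("stuck", max_reads)  # marker never detected and reader never stops


if __name__ == "__main__":
    print(decode(TruncatedReader(SAMPLE, one_shot=False), recognises_eoi=True))
    print(decode(TruncatedReader(SAMPLE, one_shot=False), recognises_eoi=False))
    print(decode(TruncatedReader(SAMPLE, one_shot=True), recognises_eoi=False))
```

The middle case is the one the advisory describes: the reader keeps supplying the marker and the decoder never accepts it, so only the artificial read cap stops the loop.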

References

Published to the GitHub Advisory Database Mar 11, 2022
Reviewed Mar 11, 2022
Last updated Jan 11, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-4fx9-vc88-q2xc

Source code
