CVE-2021-25288

Reference Links

• https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
• https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
• https://security.gentoo.org/glsa/202107-33
• https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security
• https://github.com/python-pillow/Pillow/pull/5377
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1958235
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1958232
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1958233
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1958234
• https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
• https://access.redhat.com/errata/RHSA-2021:4149
• https://access.redhat.com/security/cve/cve-2021-25288
• https://bugzilla.redhat.com/show_bug.cgi?id=1958231
• https://www.cve.org/CVERecord?id=CVE-2021-25288 https://nvd.nist.gov/vuln/detail/CVE-2021-25288

Parent vulnerabilities

(Appears in the following advisories)

• RHSA-2021:4149

Frequently Asked Questions

• What is the severity of CVE-2021-25288?

  The severity of CVE-2021-25288 is critical with a CVSS score of 9.1.

• How can I fix CVE-2021-25288?

  To fix CVE-2021-25288, upgrade to version 8.2.0 of Pillow.

• What is the affected software for CVE-2021-25288?

  The affected software for CVE-2021-25288 includes Python Pillow versions up to and excluding 8.2.0, as well as Red Hat's python-pillow package versions 0:5.1.1-16.el8.

• What is the CWE of CVE-2021-25288?

  The CWE of CVE-2021-25288 is CWE-125.

• Are there any references for CVE-2021-25288?

  Yes, there are references available for CVE-2021-25288. You can find them at the following URLs: [link1], [link2], [link3].