FliDecode.c did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. This dates to the PIL fork.
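The failure mode described above, as an added example that is not Pillow's FliDecode.c: a generic walker over size-prefixed blocks, run with and without the non-zero advance check. The block layout, the names (`walk_blocks`, `HDR_LEN`, `WALK_*`), the sample buffers and the `max_iter` guard are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN      6    /* assumed header: 4-byte LE size + 2-byte type */
#define WALK_BROKEN (-1)  /* malformed input rejected */
#define WALK_STUCK  (-2)  /* demo guard tripped: the loop stopped making progress */

/* Constructed sample data: two well-formed blocks (6 and 8 bytes). */
static const uint8_t GOOD[] = {6,0,0,0, 4,0,  8,0,0,0, 11,0, 0xaa,0xbb};
/* Constructed sample data: the second block declares a size of zero. */
static const uint8_t ZERO[] = {6,0,0,0, 4,0,  0,0,0,0, 11,0, 0xaa,0xbb};

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk size-prefixed blocks until the buffer is consumed; returns the block
 * count or a negative WALK_* code. check_advance=0 models the missing check;
 * max_iter only exists so the unchecked variant terminates in this demo. */
long walk_blocks(const uint8_t *buf, size_t len, int check_advance,
                 unsigned long max_iter)
{
    size_t off = 0;
    unsigned long iter = 0;
    long blocks = 0;

    while (off < len) {
        if (++iter > max_iter) return WALK_STUCK;
        if (len - off < HDR_LEN) return WALK_BROKEN;      /* truncated header */
        uint32_t advance = rd32le(buf + off);
        if (advance > len - off) return WALK_BROKEN;      /* runs past the buffer */
        if (check_advance && advance == 0) return WALK_BROKEN; /* no progress */
        off += advance;
        blocks++;
    }
    return blocks;
}

int main(void)
{
    printf("good, checked:   %ld\n", walk_blocks(GOOD, sizeof GOOD, 1, 1000));
    printf("zero, unchecked: %ld\n", walk_blocks(ZERO, sizeof ZERO, 0, 1000));
    printf("zero, checked:   %ld\n", walk_blocks(ZERO, sizeof ZERO, 1, 1000));
    return 0;
}
```

Without the guard, the unchecked variant would spin on the zero-size block forever, because the offset never moves and the bounds check alone does not catch a zero advance.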
Created mingw-python-pillow tracking bugs for this issue:
Affects: fedora-all [bug 1958256]
Created python-pillow tracking bugs for this issue:
Affects: fedora-all [bug 1958253]
Created python2-pillow tracking bugs for this issue:
Affects: fedora-all [bug 1958254]
Created python3-pillow tracking bugs for this issue:
Affects: epel-7 [bug 1958255]
To mitigate this feature on Red Hat Quay, keep the invoice generation feature disabled, as it is by default.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4149 https://access.redhat.com/errata/RHSA-2021:4149
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):