BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a denial-of-service where the decoder could be run a large number of times on empty data. This dates to Pillow 5.1.0. References: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security https://github.com/python-pillow/Pillow/pull/5377
Created mingw-python-pillow tracking bugs for this issue: Affects: fedora-all [bug 1958267] Created python-pillow tracking bugs for this issue: Affects: fedora-all [bug 1958264] Created python2-pillow tracking bugs for this issue: Affects: fedora-all [bug 1958265] Created python3-pillow tracking bugs for this issue: Affects: epel-7 [bug 1958266]
Mitigation: To mitigate this feature on Red Hat Quay keep the invoice generation feature disabled, as it is by default.
Upstream patch: https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4149 https://access.redhat.com/errata/RHSA-2021:4149
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-28678