Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 811450 (CVE-2021-23437) - <dev-python/pillow-8.3.2: buffer overflow due to color specifiers (?)
Summary: <dev-python/pillow-8.3.2: buffer overflow due to color specifiers (?)
Alias: CVE-2021-23437
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [stable]
Depends on: 811453
  Show dependency tree
Reported: 2021-09-02 20:41 UTC by Michał Górny
Modified: 2021-09-03 18:41 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-09-02 20:41:37 UTC
Apparently the CVE has not been published yet but the changelogs says:

+- CVE-2021-23437 Raise ValueError if color specifier is too long
+  [hugovk, radarhere]
Comment 1 John Helmert III gentoo-dev Security 2021-09-03 18:41:07 UTC
CVE says it's a ReDoS.