vulnerability

Amazon Linux AMI 2: CVE-2021-34552: Security patch for python-pillow (ALAS-2023-2083)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 13, 2021
Added
Jun 8, 2023
Modified
Jun 8, 2023

Description

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

Solution(s)

amazon-linux-ami-2-upgrade-python-pillowamazon-linux-ami-2-upgrade-python-pillow-debuginfoamazon-linux-ami-2-upgrade-python-pillow-develamazon-linux-ami-2-upgrade-python-pillow-docamazon-linux-ami-2-upgrade-python-pillow-saneamazon-linux-ami-2-upgrade-python-pillow-tk
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.