pillow is vulnerable to Memory Allocation with Excessive Size Value
75
High Risk
Affected versions of Pillow are vulnerable to a denial-of-service (DoS) issue because the PCF font loader (PIL.PcfFontFile) does not perform decompression bomb checks on attacker-controlled glyph dimensions. A specially crafted PCF font can trigger excessive memory allocation, potentially exhausting system resources and crashing applications that load untrusted PCF fonts.
You're affected if you are using a version which is within vulnerability ranges.
pillow is vulnerable to Memory Allocation with Excessive Size Value in versions 0.0.1 - 12.2.0.
Upgrade pillow library to patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant