Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pillow_heif Has Integer Overflow in Encode Path Buffer Validation that Leads to Heap Out-of-Bounds Read
Vulnerability Description
pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of `_pillow_heif.c` allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds read. This can lead to information disclosure (server heap memory leaking into encoded images) or denial of service (process crash). No special configuration is required — this triggers under default settings. Version 1.3.0 fixes the issue.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
pillow-heif 输入验证错误漏洞
Vulnerability Description
pillow-heif是Alexander Piskun个人开发者的一个用于处理HEIF图像的Python库和Pillow插件。 pillow-heif 1.3.0之前版本存在输入验证错误漏洞,该漏洞源于整数溢出导致边界检查被绕过,可能导致信息泄露或拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A