Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pillow | Python | 4.2.0 (including) | 12.2.0 (excluding) |
| Red Hat AI Inference Server 3.3 | RedHat | rhaiis/model-opt-cuda-rhel9:1778244559 | * |
| Red Hat AI Inference Server 3.3 | RedHat | rhaiis/vllm-rocm-rhel9:1778244531 | * |
| Red Hat AI Inference Server 3.3 | RedHat | rhaiis/vllm-cuda-rhel9:1778274666 | * |
| Pillow | Ubuntu | devel | * |
| Pillow | Ubuntu | esm-infra/xenial | * |
| Pillow | Ubuntu | jammy | * |
| Pillow | Ubuntu | noble | * |
| Pillow | Ubuntu | questing | * |
| Pillow | Ubuntu | resolute | * |
| Pillow | Ubuntu | upstream | * |