Vulnerabilities

CVE-2021-28676

June 8, 2021

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.

Summary:

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.

Reference Links(if available):

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos

https://github.com/python-pillow/Pillow/pull/5377

https://lists.fedoraproject.org/archives/list/[email protected]/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/

CVSS Score (if available)

v2: / MEDIUM

v3: /

Links to Exploits(if available)

[HUNTERS] – Ransomware Victim: A&O IT Group

November 15, 2024

[RANSOMHUB] – Ransomware Victim: www[.]gob[.]mx

November 15, 2024

[EVEREST] – Ransomware Victim: Bio-Clima Service Srl

November 15, 2024

[FOG] – Ransomware Victim: Vector Transport (vectortransport[.]com)

November 15, 2024

[EVEREST] – Ransomware Victim: A Sensitive Touch Home Health;Alphastar Home Health Care;Heart of Texas Home Healthcare Se

November 15, 2024

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

[HUNTERS] – Ransomware Victim: A&O IT Group

[RANSOMHUB] – Ransomware Victim: www[.]gob[.]mx

[EVEREST] – Ransomware Victim: Bio-Clima Service Srl

[FOG] – Ransomware Victim: Vector Transport (vectortransport[.]com)

[EVEREST] – Ransomware Victim: A Sensitive Touch Home Health;Alphastar Home Health Care;Heart of Texas Home Healthcare Se