High severity7.5NVD Advisory· Published Mar 19, 2021· Updated Jun 17, 2026
CVE-2021-25291
CVE-2021-25291
Description
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pillowPyPI | < 8.2.0 | 8.2.0 |
Affected products
6- Pillow/Pillowdescription
- osv-coords5 versionspkg:bitnami/pillowpkg:pypi/pillowpkg:rpm/opensuse/python-CairoSVG&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Tumbleweed
< 8.1.1+ 4 more
- (no CPE)range: < 8.1.1
- (no CPE)range: < 8.2.0
- (no CPE)range: < 2.5.1-lp152.2.3.1
- (no CPE)range: < 8.3.1-lp152.5.3.1
- (no CPE)range: < 8.3.2-1.2
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-mvg9-xffr-p774ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-25291ghsaADVISORY
- pillow.readthedocs.io/en/stable/releasenotes/8.1.1.htmlnvdRelease NotesVendor AdvisoryWEB
- security.gentoo.org/glsa/202107-33nvdThird Party AdvisoryWEB
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yamlghsaWEB
- github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61ghsaWEB
- github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7aghsaWEB
News mentions
0No linked articles in our index yet.