{"id":"CVE-2021-23437","details":"The package pillow from version 5.2.0 and before 8.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.","aliases":["BIT-pillow-2021-23437","GHSA-98vv-pw6r-q6q4","PYSEC-2021-317","SNYK-PYTHON-PILLOW-1319443"],"modified":"2026-04-16T04:37:52.604679505Z","published":"2021-09-03T16:15:08.317Z","related":["SNYK-PYTHON-PILLOW-1319443","SUSE-SU-2021:3234-1","SUSE-SU-2021:3235-1","SUSE-SU-2024:1673-1","SUSE-SU-2024:1673-2","openSUSE-SU-2024:11209-1","openSUSE-SU-2024:13827-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/"},{"type":"ADVISORY","url":"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202211-10"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python-pillow/pillow","events":[{"introduced":"c28bf86b7e752a9257a0d4451ca878c1385db15c"},{"fixed":"8013f130a5077b238a4346b73e149432b180a8ea"},{"fixed":"9e08eb8f78fdfd2f476e1b20b7cf38683754866b"}],"database_specific":{"versions":[{"introduced":"5.2.0"},{"fixed":"8.3.2"}]}}],"versions":["5.2.0","5.3.0","5.4.0","6.0.0","6.1.0","6.2.0","7.0.0","7.1.0","7.2.0","8.0.0","8.1.0","8.2.0","8.3.0","8.3.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23437.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}
]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}