Tag
Pillow versions 10.3.0 through 12.1.x are vulnerable to a decompression bomb attack via maliciously crafted FITS images, leading to excessive memory consumption and denial of service, resolved in version 12.2.0.