CVE-2021-28675: 
Python vulnerability analysis and mitigation

An issue was discovered in Pillow before version 8.2.0, identified as CVE-2021-28675. The vulnerability exists in PSDImagePlugin.PsdImageFile, which lacked a sanity check on the number of input layers relative to the size of the data block. This vulnerability was discovered in early 2021 and affects Python's Pillow library (NVD, CVE).

The vulnerability stems from a missing validation check in the PSDImagePlugin.PsdImageFile component. The issue could be triggered during the image opening process, specifically before the Image.load operation. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required (NVD).

The primary impact of this vulnerability is the potential for a Denial of Service (DoS) attack. When exploited, the vulnerability could cause the application to become unresponsive during the Image.open operation, before Image.load is executed (Pillow Docs).

The vulnerability was fixed in Pillow version 8.2.0. Users are advised to upgrade to this version or later to address the security issue. The fix involves implementing proper sanity checks for the number of input layers in relation to the data block size (Pillow Docs, Gentoo Security).