First published: Fri Oct 04 2019(Updated: )
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python-pillow | <0:2.0.0-20.gitd1c6db8.el7_7 | 0:2.0.0-20.gitd1c6db8.el7_7 |
redhat/python-pillow | <0:5.1.1-10.el8_1 | 0:5.1.1-10.el8_1 |
redhat/python-pillow | <0:5.1.1-10.el8_0 | 0:5.1.1-10.el8_0 |
Python Pillow | <6.2.0 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
redhat/python-pillow | <6.2.0 | 6.2.0 |
pip/pillow | <6.2.0 | 6.2.0 |
ubuntu/pillow | <5.1.0-1ubuntu0.2 | 5.1.0-1ubuntu0.2 |
ubuntu/pillow | <6.1.0-1ubuntu0.2 | 6.1.0-1ubuntu0.2 |
ubuntu/pillow | <2.3.0-1ubuntu3.4+ | 2.3.0-1ubuntu3.4+ |
ubuntu/pillow | <6.2.0-1 | 6.2.0-1 |
ubuntu/pillow | <3.1.2-0ubuntu1.3 | 3.1.2-0ubuntu1.3 |
debian/pillow | 5.4.1-2+deb10u3 5.4.1-2+deb10u6 8.1.2+dfsg-0.3+deb11u1 9.4.0-1.1 10.2.0-1 10.3.0-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID of this issue is CVE-2019-16865.
The severity of CVE-2019-16865 is high (7 out of 10).
The affected software is python-pillow.
The vulnerability may allow an attacker to allocate a large amount of memory or cause a denial of service by processing specially crafted image files.
To fix CVE-2019-16865, update to version 6.2.0 of python-pillow.