First published: Thu Feb 06 2020
It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911)

It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312)

It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 19.10. (CVE-2020-5310)

It was discovered that Pillow incorrectly handled certain SGI images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. This issue only affected Ubuntu 18.04 and Ubuntu 19.10. (CVE-2020-5311)

It was discovered that Pillow incorrectly handled certain PCX images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2020-5312)

It was discovered that Pillow incorrectly handled certain Flip images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2020-5313)
Affected Software | Ubuntu Release | Affected Version | Fixed Version |
---|---|---|---|
ubuntu/python-pil | 19.10 | <6.1.0-1ubuntu0.2 | 6.1.0-1ubuntu0.2 |
ubuntu/python3-pil | 19.10 | <6.1.0-1ubuntu0.2 | 6.1.0-1ubuntu0.2 |
ubuntu/python-pil | 18.04 | <5.1.0-1ubuntu0.2 | 5.1.0-1ubuntu0.2 |
ubuntu/python3-pil | 18.04 | <5.1.0-1ubuntu0.2 | 5.1.0-1ubuntu0.2 |
ubuntu/python-imaging | 16.04 | <3.1.2-0ubuntu1.3 | 3.1.2-0ubuntu1.3 |
ubuntu/python-pil | 16.04 | <3.1.2-0ubuntu1.3 | 3.1.2-0ubuntu1.3 |
ubuntu/python3-pil | 16.04 | <3.1.2-0ubuntu1.3 | 3.1.2-0ubuntu1.3 |
ubuntu/python-imaging | 14.04 | <2.3.0-1ubuntu3.4+esm1 | 2.3.0-1ubuntu3.4+esm1 |
ubuntu/python-pil | 14.04 | <2.3.0-1ubuntu3.4+esm1 | 2.3.0-1ubuntu3.4+esm1 |
ubuntu/python3-imaging | 14.04 | <2.3.0-1ubuntu3.4+esm1 | 2.3.0-1ubuntu3.4+esm1 |
ubuntu/python3-pil | 14.04 | <2.3.0-1ubuntu3.4+esm1 | 2.3.0-1ubuntu3.4+esm1 |
The severity of USN-4272-1 is moderate.
Pillow incorrectly handles certain images.
The vulnerability could cause a denial of service or allow arbitrary code execution.
Pillow versions 6.1.0-1ubuntu0.2, 5.1.0-1ubuntu0.2, 3.1.2-0ubuntu1.3, 2.3.0-1ubuntu3.4+esm1, and older are affected.
Update to Pillow version 6.1.0-1ubuntu0.2 or later.