What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-4430-1.

What is the title of this advisory?

The title of this advisory is USN-4430-1: Pillow vulnerabilities.

What is the severity of the Pillow vulnerabilities?

The severity of the Pillow vulnerabilities is not specified in the advisory.

What is the affected software in this advisory?

The affected software in this advisory is Pillow.

How can a remote attacker exploit this vulnerability?

A remote attacker can exploit this vulnerability by tricking a user or automated system into opening a specially-crafted image file.

What is the impact of this vulnerability?

The impact of this vulnerability is a denial of service, as it can cause Pillow to crash.

How can I fix the Pillow vulnerabilities?

To fix the Pillow vulnerabilities, update the Pillow package to version 5.1.0-1ubuntu0.3 for Ubuntu 18.04, or version 3.1.2-0ubuntu1.4 for Ubuntu 16.04.

Where can I find more information about the vulnerabilities?

You can find more information about the vulnerabilities in the following references: [CVE-2020-10177](https://ubuntu.com/security/CVE-2020-10177), [CVE-2020-10378](https://ubuntu.com/security/CVE-2020-10378), [CVE-2020-10994](https://ubuntu.com/security/CVE-2020-10994).

Vulnerability/
USN-4430-1

22/7/2020

USN-4430-1: Pillow vulnerabilities

First published: Wed Jul 22 2020(Updated: )

It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service.

Affected Software	Affected Version	How to fix
All of
ubuntu/python-pil	<5.1.0-1ubuntu0.3	5.1.0-1ubuntu0.3
	=18.04
All of
ubuntu/python3-pil	<5.1.0-1ubuntu0.3	5.1.0-1ubuntu0.3
	=18.04
All of
ubuntu/python-pil	<3.1.2-0ubuntu1.4	3.1.2-0ubuntu1.4
	=16.04
All of
ubuntu/python3-pil	<3.1.2-0ubuntu1.4	3.1.2-0ubuntu1.4
	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-4430-1.
What is the title of this advisory?
The title of this advisory is USN-4430-1: Pillow vulnerabilities.
What is the severity of the Pillow vulnerabilities?
The severity of the Pillow vulnerabilities is not specified in the advisory.
What is the affected software in this advisory?
The affected software in this advisory is Pillow.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by tricking a user or automated system into opening a specially-crafted image file.
What is the impact of this vulnerability?
The impact of this vulnerability is a denial of service, as it can cause Pillow to crash.
How can I fix the Pillow vulnerabilities?
To fix the Pillow vulnerabilities, update the Pillow package to version 5.1.0-1ubuntu0.3 for Ubuntu 18.04, or version 3.1.2-0ubuntu1.4 for Ubuntu 16.04.
Where can I find more information about the vulnerabilities?
You can find more information about the vulnerabilities in the following references: [CVE-2020-10177](https://ubuntu.com/security/CVE-2020-10177), [CVE-2020-10378](https://ubuntu.com/security/CVE-2020-10378), [CVE-2020-10994](https://ubuntu.com/security/CVE-2020-10994).

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-4430-2
anchor-related/USN-4697-2
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04