First published: Wed Jul 22 2020
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service.
Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/python-pil | 18.04 | <5.1.0-1ubuntu0.3 | 5.1.0-1ubuntu0.3 |
ubuntu/python3-pil | 18.04 | <5.1.0-1ubuntu0.3 | 5.1.0-1ubuntu0.3 |
ubuntu/python-pil | 16.04 | <3.1.2-0ubuntu1.4 | 3.1.2-0ubuntu1.4 |
ubuntu/python3-pil | 16.04 | <3.1.2-0ubuntu1.4 | 3.1.2-0ubuntu1.4 |
The vulnerability ID for this advisory is USN-4430-1.
The title of this advisory is USN-4430-1: Pillow vulnerabilities.
The severity of the Pillow vulnerabilities is not specified in the advisory.
The affected software in this advisory is Pillow.
A remote attacker can exploit this vulnerability by tricking a user or automated system into opening a specially-crafted image file.
The impact of this vulnerability is a denial of service, as it can cause Pillow to crash.
To fix the Pillow vulnerabilities, update the python-pil and python3-pil packages to version 5.1.0-1ubuntu0.3 on Ubuntu 18.04, or version 3.1.2-0ubuntu1.4 on Ubuntu 16.04.
You can find more information about the vulnerabilities in the following references: [CVE-2020-10177](https://ubuntu.com/security/CVE-2020-10177), [CVE-2020-10378](https://ubuntu.com/security/CVE-2020-10378), [CVE-2020-10994](https://ubuntu.com/security/CVE-2020-10994).
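One way to check a package inventory against the fixed versions listed in this advisory, as an added example that is not part of the advisory or of Ubuntu's tooling: it reimplements Debian version ordering (the comparison `dpkg --compare-versions` performs) so that numeric parts such as `1.10` and `1.4` are ordered correctly. The host names and installed versions in `SAMPLE` are constructed.

```python
import re
# Fixed package versions from the advisory table, keyed by Ubuntu release.
FIXED = {"18.04": "5.1.0-1ubuntu0.3", "16.04": "3.1.2-0ubuntu1.4"}
PACKAGES = {"python-pil", "python3-pil"}

def _weight(ch):  # dpkg order in a non-digit run: '~' < end < letters < rest
    if ch in ("~", ""):
        return -1 if ch else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_field(a, b):
    """Compare one upstream-version or revision string as dpkg does."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            wa, wb = _weight(na[i:i + 1]), _weight(nb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 for Debian versions [epoch:]upstream[-revision]."""
    parts = []
    for v in (a, b):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        parts.append((int(epoch), upstream, revision))
    (ea, ua, ra), (eb, ub, rb) = parts
    return (ea > eb) - (ea < eb) or _cmp_field(ua, ub) or _cmp_field(ra, rb)

def unpatched(inventory):
    """Return rows (host, release, package, version) still below the fix."""
    return [r for r in inventory if r[2] in PACKAGES and r[1] in FIXED
            and deb_cmp(r[3], FIXED[r[1]]) < 0]

SAMPLE = [  # constructed inventory rows for illustration, not real hosts
    ("web01", "18.04", "python3-pil", "5.1.0-1ubuntu0.2"),
    ("web02", "18.04", "python3-pil", "5.1.0-1ubuntu0.3"),
    ("ci01", "16.04", "python-pil", "3.1.2-0ubuntu1.10"),
    ("ci02", "16.04", "python-pil", "3.1.2-0ubuntu1.3"),
]

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

Rows for releases outside the table are skipped, since this advisory lists fixed versions only for Ubuntu 18.04 and 16.04.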