PT-2019-5694 · Python Imaging Library · Pillow

Published: 2019-10-04 · Updated: 2020-08-06 · CVE-2019-16865

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.0

Description: The issue in the Pillow library is uncontrolled resource allocation while decoding images. A remote attacker who can get Pillow to read a specially crafted, invalid image file (for example through an upload or fetch endpoint) can cause a denial of service: the library either allocates very large amounts of memory or spends an extremely long time processing the image, exhausting the host's resources. No authentication or user interaction is required beyond getting the file to the decoder.

Recommendations: For Pillow versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. Services that decode untrusted images should additionally bound the declared image size before decoding and run the decoder with memory and CPU-time limits, since those controls limit the blast radius of any future decoder bug as well.
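The following is an added example, not code from this advisory or from the Pillow project, showing the two checks a practitioner would put in front of an image decoder for this class of bug: a version check that flags any Pillow older than the fixed 6.2.0, and a header-only check that reads a PNG's declared dimensions and refuses an image whose pixel count exceeds a local budget before any pixel buffer is allocated. The `MAX_PIXELS` value, the `make_png` sample builder and the `HONEST_PNG`/`LYING_PNG` inputs are constructed for the example; `Image.MAX_IMAGE_PIXELS` and `Image.open(...).load()` are Pillow's real API. The header check is written for PNG only; the same idea applies to any format whose header states the image size.

```python
"""Pre-decode guards for untrusted images (CVE-2019-16865 class of bug)."""
import io
import struct
import zlib

# Pillow 6.2.0 is the first release carrying the fix named in the advisory.
FIXED_VERSION = (6, 2, 0)

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Pixel budget for untrusted uploads: a local policy choice, not a Pillow constant.
MAX_PIXELS = 50_000_000


def parse_version(version: str) -> tuple:
    """Reduce '6.1.0' or '5.4.1.post1' to (major, minor, patch); non-numeric tags are dropped.
    A pre-release such as '6.2.0.dev0' therefore compares as 6.2.0."""
    numbers = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        numbers.append(int(digits))
    numbers += [0] * (3 - len(numbers))
    return tuple(numbers[:3])


def pillow_is_vulnerable(version: str) -> bool:
    """True when the installed Pillow predates the 6.2.0 fix."""
    return parse_version(version) < FIXED_VERSION


def png_dimensions(data: bytes) -> tuple:
    """Read width and height from the IHDR chunk without decoding any pixel data."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    if len(data) < 8 + 8 + 13:
        raise ValueError("truncated before IHDR")
    length, chunk_type = struct.unpack(">I4s", data[8:16])
    if chunk_type != b"IHDR" or length != 13:
        raise ValueError("first chunk is not a well-formed IHDR")
    width, height = struct.unpack(">II", data[16:24])
    return width, height


def within_budget(data: bytes, max_pixels: int = MAX_PIXELS) -> bool:
    """Accept only images whose declared size fits the pixel budget; malformed headers fail closed."""
    try:
        width, height = png_dimensions(data)
    except ValueError:
        return False
    return width > 0 and height > 0 and width * height <= max_pixels


def open_untrusted(data: bytes, max_pixels: int = MAX_PIXELS):
    """Header check first, then decode with a fixed Pillow and its own bomb guard active."""
    if not within_budget(data, max_pixels):
        raise ValueError("declared image size exceeds budget or header is malformed")
    import PIL                              # imported lazily so the checks above need no Pillow
    from PIL import Image
    if pillow_is_vulnerable(PIL.__version__):
        raise RuntimeError("Pillow %s is affected by CVE-2019-16865; upgrade to 6.2.0+" % PIL.__version__)
    Image.MAX_IMAGE_PIXELS = max_pixels     # warns above this, DecompressionBombError above 2x
    img = Image.open(io.BytesIO(data))      # lazy: parses the header, allocates no pixels yet
    width, height = img.size
    if width * height > max_pixels:
        raise ValueError("image declares %dx%d pixels" % (width, height))
    img.load()                              # the pixel buffer is allocated here, not before
    return img


def _chunk(chunk_type: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(chunk_type + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + chunk_type + payload + struct.pack(">I", crc)


def make_png(declared_w: int, declared_h: int) -> bytes:
    """Constructed sample: an 8-bit grayscale PNG whose IHDR claims declared_w x declared_h
    but whose IDAT holds a single 1x1 row. A large declaration is the header lie that makes
    a decoder reserve a buffer far larger than the file itself."""
    ihdr = struct.pack(">IIBBBBB", declared_w, declared_h, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x80")       # filter byte 0 + one gray pixel
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


HONEST_PNG = make_png(1, 1)                 # constructed: a real 1x1 image
LYING_PNG = make_png(100_000, 100_000)      # constructed: claims 10 gigapixels in under 100 bytes


if __name__ == "__main__":
    print("Pillow 6.1.0 vulnerable:", pillow_is_vulnerable("6.1.0"))
    print("honest sample within budget:", within_budget(HONEST_PNG))
    print("lying sample within budget:", within_budget(LYING_PNG))
```

The header check refuses `LYING_PNG` from 24 bytes of input and never touches a decoder. It is a defence in depth, not a substitute for the upgrade: the advisory also covers inputs that make a vulnerable decoder spend excessive time rather than memory, and a declared-size check does nothing against those. For a service that must accept arbitrary formats, run the decode in a child process under an address-space and CPU-time limit so that a decoder bug costs one worker rather than the host.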

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

BDU:2020-05770
CESA-2020_0578
CESA-2020_0580
CVE-2019-16865
DSA-4631-1
GHSA-J7MJ-748X-7P78
MGASA-2020-0088
PYSEC-2019-110
RHSA-2020:0566
RHSA-2020:0578
RHSA-2020:0580
SUSE-RU-2020:2072-1
SUSE-RU-2020:2161-1
SUSE-SU-2020:1901-1
SUSE-SU-2020:2057-1
USN-4272-1

Affected Products

CentOS
Pillow
Red Hat
Ubuntu