DOS attack in Pillow when processing specially crafted image files

GHSA-j7mj-748x-7p78 · CVE-2019-16865 · PYSEC-2019-110

Published Oct 22, 2019 · Modified Oct 9, 2024

Description

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-16865
WEB https://github.com/python-pillow/Pillow/issues/4123
WEB https://github.com/python-pillow/Pillow/commit/ab52630d0644e42a75eb88b78b9a9d7438a6fbeb
WEB https://www.debian.org/security/2020/dsa-4631
WEB https://usn.ubuntu.com/4272-1
WEB https://ubuntu.com/security/notices/USN-4272-1
WEB https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3
WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU
PACKAGE https://github.com/python-pillow/Pillow
WEB https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2019-110.yaml
ADVISORY https://github.com/advisories/GHSA-j7mj-748x-7p78
WEB https://access.redhat.com/errata/RHSA-2020:0694
WEB https://access.redhat.com/errata/RHSA-2020:0683
WEB https://access.redhat.com/errata/RHSA-2020:0681
WEB https://access.redhat.com/errata/RHSA-2020:0580
WEB https://access.redhat.com/errata/RHSA-2020:0578
WEB https://access.redhat.com/errata/RHSA-2020:0566

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes