Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2019-19911

Published: 05/01/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Python

Vulnerability Summary

There is a DoS vulnerability in Pillow prior to 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python pillow

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 30

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 19.10

canonical ubuntu linux 16.04

Vendor Advisories

Red Hat: Moderate: Red Hat Quay v3.4.0 security update
Synopsis Moderate: Red Hat Quay v340 security update Type/Severity Security Advisory: Moderate Topic Red Hat Quay 340 is now available with bug fixes and variousenhancementsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVS ...
Debian CVElist Bug Report Logs: pillow: CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313
Debian Bug report logs - #948224 pillow: CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 Package: pillow; Maintainer for pillow is Matthias Klose <doko@debianorg>; Reported by: Markus Koschany <apo@debianorg> Date: Sun, 5 Jan 2020 15:33:01 UTC Severity: grave Tags: security Found in version ...
Ubuntu Security Notice: pillow vulnerabilities
Several security issues were fixed in Pillow ...
Debian Security Advisories: DSA-4631-1 pillow -- security update
Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed For the oldstable distribution (stretch), these problems have been fixed in version 400-4+deb9u1 For the stable distribution ...

References

CWE-190https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.htmlhttps://usn.ubuntu.com/4272-1/https://www.debian.org/security/2020/dsa-4631https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/https://access.redhat.com/errata/RHSA-2021:0420https://usn.ubuntu.com/4272-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook