Published: 05/01/2020 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

There is a DoS vulnerability in Pillow prior to 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python pillow

Vendor Advisories

Debian Bug report logs - #948224 pillow: CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 Package: pillow; Maintainer for pillow is Matthias Klose <doko@debianorg>; Reported by: Markus Koschany <apo@debianorg> Date: Sun, 5 Jan 2020 15:33:01 UTC Severity: grave Tags: security Found in version ...
Several security issues were fixed in Pillow ...
Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed For the oldstable distribution (stretch), these problems have been fixed in version 400-4+deb9u1 For the stable distribution ...