CVE-2019-16865 – pillow

Package

Manager: pip
Name: pillow
Vulnerable Version: >=0 <6.2.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.05198 pctl0.89532

Details

DOS attack in Pillow when processing specially crafted image files An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

Metadata

Created: 2019-10-22T14:40:42Z
Modified: 2024-10-09T21:07:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-j7mj-748x-7p78/GHSA-j7mj-748x-7p78.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-j7mj-748x-7p78
Finding: F029
Auto approve: 1