Vulnerability Description
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python | Pillow | < 6.2.0 |
| Fedoraproject | Fedora | 30 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2020:0566
- https://access.redhat.com/errata/RHSA-2020:0578
- https://access.redhat.com/errata/RHSA-2020:0580
- https://access.redhat.com/errata/RHSA-2020:0681
- https://access.redhat.com/errata/RHSA-2020:0683
- https://access.redhat.com/errata/RHSA-2020:0694
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html (Release Notes, Vendor Advisory)
- https://usn.ubuntu.com/4272-1/
- https://www.debian.org/security/2020/dsa-4631
FAQ
What is CVE-2019-16865?
CVE-2019-16865 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of tim...
How severe is CVE-2019-16865?
CVE-2019-16865 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-16865?
Check the references section above for vendor advisories and patch information. Affected products include: Python Pillow, Fedoraproject Fedora.