CVE-2019-16865

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

Published: 2019-10-04 22:15
Updated: 2019-10-10 14:43

CVSS Score: 4.3 / 10
Vendor Product Version URI
Python Pillow 1.7.8 cpe:/a:python:pillow:1.7.8
Python Pillow 2.2.2 cpe:/a:python:pillow:2.2.2
Python Pillow 2.3.0 cpe:/a:python:pillow:2.3.0
Python Pillow 2.3.1 cpe:/a:python:pillow:2.3.1
Python Pillow 2.4.0 cpe:/a:python:pillow:2.4.0
Python Pillow 2.5.0 cpe:/a:python:pillow:2.5.0
Python Pillow 2.5.1 cpe:/a:python:pillow:2.5.1
Python Pillow 2.5.2 cpe:/a:python:pillow:2.5.2
Python Pillow 2.5.3 cpe:/a:python:pillow:2.5.3
Python Pillow 2.6.0 cpe:/a:python:pillow:2.6.0
Python Pillow 2.6.0 cpe:/a:python:pillow:2.6.0:rc1
Python Pillow 2.6.1 cpe:/a:python:pillow:2.6.1
Python Pillow 2.6.2 cpe:/a:python:pillow:2.6.2
Python Pillow 2.7.0 cpe:/a:python:pillow:2.7.0
Python Pillow 2.8.0 cpe:/a:python:pillow:2.8.0
Python Pillow 2.8.1 cpe:/a:python:pillow:2.8.1
Python Pillow 2.8.2 cpe:/a:python:pillow:2.8.2
Python Pillow 2.9.0 cpe:/a:python:pillow:2.9.0
Python Pillow 2.9.0 cpe:/a:python:pillow:2.9.0:dev0
Python Pillow 2.9.0 cpe:/a:python:pillow:2.9.0:dev1
Python Pillow 2.9.0 cpe:/a:python:pillow:2.9.0:dev2
Python Pillow 3.0.0 cpe:/a:python:pillow:3.0.0
Python Pillow 3.0.0 cpe:/a:python:pillow:3.0.0:rc1
Python Pillow 3.1.0 cpe:/a:python:pillow:3.1.0
Python Pillow 3.3.1 cpe:/a:python:pillow:3.3.1
Python Pillow 3.3.2 cpe:/a:python:pillow:3.3.2
Python Pillow 3.4.0 cpe:/a:python:pillow:3.4.0
Python Pillow 4.0.0 cpe:/a:python:pillow:4.0.0
Python Pillow 4.1.0 cpe:/a:python:pillow:4.1.0
Python Pillow 4.1.1 cpe:/a:python:pillow:4.1.1
Python Pillow 4.2.0 cpe:/a:python:pillow:4.2.0
Python Pillow 4.2.1 cpe:/a:python:pillow:4.2.1
Python Pillow 4.3.0 cpe:/a:python:pillow:4.3.0
Python Pillow 5.0.0 cpe:/a:python:pillow:5.0.0
Python Pillow 5.1.0 cpe:/a:python:pillow:5.1.0
Python Pillow 5.2.0 cpe:/a:python:pillow:5.2.0
Python Pillow 5.3.0 cpe:/a:python:pillow:5.3.0
Python Pillow 5.4.0 cpe:/a:python:pillow:5.4.0
Python Pillow 5.4.1 cpe:/a:python:pillow:5.4.1
Python Pillow 6.0.0 cpe:/a:python:pillow:6.0.0

CWE

ID: CWE-770
Name: Allocation of Resources Without Limits or Throttling
Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy for that actor.

History of changes

Date Event
2019-10-10 14:43
2019-10-04 22:15 New CVE