PYSEC-2019-110
PUBLISHED
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | pillow | 0, 1.1, 1.2 |
Timeline
- Oct 4, 2019 CVE Published
- Nov 8, 2023 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/ url
- https://access.redhat.com/errata/RHSA-2020:0566 advisory
- https://www.debian.org/security/2020/dsa-4631 advisory
- https://access.redhat.com/errata/RHSA-2020:0580 advisory
- https://github.com/advisories/GHSA-j7mj-748x-7p78 advisory
- https://usn.ubuntu.com/4272-1/ advisory
- https://access.redhat.com/errata/RHSA-2020:0578 advisory
- https://access.redhat.com/errata/RHSA-2020:0683 advisory
- https://access.redhat.com/errata/RHSA-2020:0681 advisory
- https://access.redhat.com/errata/RHSA-2020:0694 advisory