CVE-2019-16865
Description
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.942
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-16865 are fixed in Python-pillow 6.2.0 | Windows |
| Python Imaging Library (USN-4272-1) python-pil_3.1.2-0ubuntu1.3_i386.deb | Linux |
| Python Imaging Library (USN-4272-1) python-pil_3.1.2-0ubuntu1.3_amd64.deb | Linux |
| Python Imaging Library (USN-4272-1) python-pil_5.1.0-1ubuntu0.2_i386.deb | Linux |
| Python Imaging Library (USN-4272-1) python-pil_5.1.0-1ubuntu0.2_amd64.deb | Linux |
| Python Imaging Library (USN-4272-1) python-pil_6.1.0-1ubuntu0.2_i386.deb | Linux |
| Python Imaging Library (USN-4272-1) python-pil_6.1.0-1ubuntu0.2_amd64.deb | Linux |
| Python Imaging Library (USN-4272-1) python3-pil_3.1.2-0ubuntu1.3_i386.deb | Linux |
| Python Imaging Library (USN-4272-1) python3-pil_3.1.2-0ubuntu1.3_amd64.deb | Linux |
| Python Imaging Library (USN-4272-1) python3-pil_5.1.0-1ubuntu0.2_i386.deb | Linux |
| Python Imaging Library (USN-4272-1) python3-pil_5.1.0-1ubuntu0.2_amd64.deb | Linux |
| Python Imaging Library (USN-4272-1) python3-pil_6.1.0-1ubuntu0.2_i386.deb | Linux |
| Python Imaging Library (USN-4272-1) python3-pil_6.1.0-1ubuntu0.2_amd64.deb | Linux |
| Python Imaging Library (USN-4272-1) python-imaging_3.1.2-0ubuntu1.3_all.deb | Linux |
| (RHSA-2020:0578) python-pillow security update python-pillow-2.0.0-20.gitd1c6db8.el7_7.i686.rpm | Linux |
| (RHSA-2020:0578) python-pillow security update python-pillow-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0578) python-pillow security update python-pillow-devel-2.0.0-20.gitd1c6db8.el7_7.i686.rpm | Linux |
| (RHSA-2020:0578) python-pillow security update python-pillow-devel-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0578) python-pillow security update python-pillow-doc-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0578) python-pillow security update python-pillow-qt-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0578) python-pillow security update python-pillow-sane-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0578) python-pillow security update python-pillow-tk-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0580) python-pillow security update python-pillow-debugsource-5.1.1-10.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0580) python-pillow security update python3-pillow-5.1.1-10.el8_1.x86_64.rpm | Linux |
| Python-imaging update (ELSA-2020-0898) python-imaging-1.1.6-20.el6_10.x86_64.rpm | Linux |
| Python-imaging-devel update (ELSA-2020-0898) python-imaging-devel-1.1.6-20.el6_10.x86_64.rpm | Linux |
| Python-imaging-sane update (ELSA-2020-0898) python-imaging-sane-1.1.6-20.el6_10.x86_64.rpm | Linux |
| Python-imaging-tk update (ELSA-2020-0898) python-imaging-tk-1.1.6-20.el6_10.x86_64.rpm | Linux |
| Python-imaging update (ELSA-2020-0898) python-imaging-1.1.6-20.el6_10.i686.rpm | Linux |
| Python-imaging-devel update (ELSA-2020-0898) python-imaging-devel-1.1.6-20.el6_10.i686.rpm | Linux |
| Python-imaging-sane update (ELSA-2020-0898) python-imaging-sane-1.1.6-20.el6_10.i686.rpm | Linux |
| Python-imaging-tk update (ELSA-2020-0898) python-imaging-tk-1.1.6-20.el6_10.i686.rpm | Linux |
| (CESA-2020:0580) python-pillow security update python3-pillow-5.1.1-10.el8_1.x86_64.rpm | Linux |
| Vulnerabilities CVE-2019-16865 are fixed in Python-pillow for linux 6.2.0 | Linux |
| Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-16865) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234