CVE-2019-16865

Sažetak

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

Reference

https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
https://usn.ubuntu.com/4272-1/
https://access.redhat.com/errata/RHSA-2020:0566
https://www.debian.org/security/2020/dsa-4631
https://access.redhat.com/errata/RHSA-2020:0580
https://access.redhat.com/errata/RHSA-2020:0578
https://access.redhat.com/errata/RHSA-2020:0683
https://access.redhat.com/errata/RHSA-2020:0681
https://access.redhat.com/errata/RHSA-2020:0694
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

07-11-2023 - 03:06

Objavljeno

04-10-2019 - 22:15