CVE-2019-16865
DoS attack in Pillow when processing specially crafted image files
7.5
HIGH
CVSS 3.1
EPSS 3.9%
Description
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
How to fix CVE-2019-16865
To remediate CVE-2019-16865, upgrade the affected package to a fixed version below.
- Debian/pillow—upgrade to 6.2.0-1 or later
- —upgrade to 6.2.0 or later
- —upgrade to 6.2.0 or later
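The description above says the failure mode is unbounded allocation or decode time on crafted, invalid files, and the fix is to run 6.2.0 or later. As an added example (not code from this advisory or from Pillow itself), the block below gives a service two checks it can apply before any untrusted bytes reach the decoder: a version gate for the fixed release, and a header-only parse of PNG, GIF and JPEG dimensions that rejects a file whose declared pixel count exceeds a budget before a decoder allocates for it. The 40-million-pixel budget, the helper names and the sample headers are constructed for this example.

```python
import struct

# First Pillow release carrying the fix named by this advisory.
FIXED_VERSION = (6, 2, 0)
# Pixel budget for this example service; an assumption, tune it per workload.
MAX_PIXELS = 40_000_000


def parse_version(text):
    """'6.2.0.post1' -> (6, 2, 0): leading numeric components, padded to 3."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_fixed_pillow(version):
    """True when the given Pillow version string is 6.2.0 or later."""
    return parse_version(version) >= FIXED_VERSION


def _jpeg_size(data):
    """Walk JPEG marker segments until a SOFn frame header yields (w, h)."""
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("lost JPEG marker sync")
        marker = data[pos + 1]
        if marker == 0xFF:                      # padding byte, keep scanning
            pos += 1
            continue
        if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:
            pos += 2                            # standalone markers, no length
            continue
        if marker == 0xDA:                      # start of scan with no SOF seen
            break
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if seg_len < 2:
            raise ValueError("bad JPEG segment length")
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            if pos + 9 > len(data):
                raise ValueError("truncated SOF segment")
            height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
            return width, height
        pos += 2 + seg_len
    raise ValueError("no SOF marker before scan data")


def declared_size(data):
    """Read (width, height) from the header only; nothing is decoded."""
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        if len(data) < 24 or data[12:16] != b"IHDR":
            raise ValueError("truncated or malformed PNG header")
        return struct.unpack(">II", data[16:24])
    if data[:6] in (b"GIF87a", b"GIF89a"):
        if len(data) < 10:
            raise ValueError("truncated GIF header")
        return struct.unpack("<HH", data[6:10])
    if data[:2] == b"\xff\xd8":
        return _jpeg_size(data)
    raise ValueError("unrecognised image format")


def check_image(data, max_pixels=MAX_PIXELS):
    """Return (w, h) if the declared size fits the budget, else raise."""
    width, height = declared_size(data)
    if width == 0 or height == 0:
        raise ValueError("zero-sized image")
    if width * height > max_pixels:
        raise ValueError(f"declared {width}x{height} exceeds {max_pixels} px")
    return width, height


def is_safe_image(data, max_pixels=MAX_PIXELS):
    """Accept/reject wrapper; malformed headers are rejected, not decoded."""
    try:
        check_image(data, max_pixels)
    except ValueError:
        return False
    return True


# Constructed sample headers for this example (not real files).
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"
              + struct.pack(">II", 800, 600) + b"\x08\x02\x00\x00\x00\0\0\0\0")
BOMB_PNG = (b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"
            + struct.pack(">II", 100_000, 100_000) + b"\x08\x02\x00\x00\x00\0\0\0\0")
TRUNCATED_PNG = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13)
SAMPLE_GIF = b"GIF89a" + struct.pack("<HH", 320, 200) + b"\xf7\x00\x00"
SAMPLE_JPEG = (b"\xff\xd8"
               + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00"
               + struct.pack(">HH", 72, 72) + b"\x00\x00"
               + b"\xff\xc0" + struct.pack(">H", 17) + b"\x08"
               + struct.pack(">HH", 480, 640) + b"\x03"
               + b"\x01\x22\x00\x02\x11\x01\x03\x11\x01")

if __name__ == "__main__":
    print(is_fixed_pillow("6.2.0"), check_image(SAMPLE_PNG), is_safe_image(BOMB_PNG))
```

Pillow itself applies a similar declared-size check through `Image.MAX_IMAGE_PIXELS`, raising `DecompressionBombWarning` or `DecompressionBombError`, and that setting should stay enabled. The gate here runs outside the library and is defense in depth only: the advisory does not say the triggering fields are the dimensions, so a header check cannot stand in for upgrading to 6.2.0 or later.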
Is CVE-2019-16865 being exploited?
Low. EPSS is 3.9%, which is the estimated probability that exploitation activity will be observed in the next 30 days, not a measurement of exploitation that has already happened. Any service that decodes user-supplied images with an affected Pillow should still be treated as exposed, since the vector is network-reachable and needs no privileges or user interaction.
Affected packages (3)
- from 0, < 6.2.0-1
- from 0, < 6.2.0
- from 0, < 6.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |