Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4631-1:EFD0A
HistoryFeb 21, 2020 - 8:22 p.m.

[SECURITY] [DSA 4631-1] pillow security update

2020-02-2120:22:04
lists.debian.org
114

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON

Debian Security Advisory DSA-4631-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
February 21, 2020 https://www.debian.org/security/faq

Package : pillow
CVE ID : CVE-2019-16865 CVE-2019-19911 CVE-2020-5311
CVE-2020-5312 CVE-2020-5313

Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service and potentially the
execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images
are processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 4.0.0-4+deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 5.4.1-2+deb10u1.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10mipselpython3-pil.imagetk< 5.4.1-2+deb10u1python3-pil.imagetk_5.4.1-2+deb10u1_mipsel.deb
Debian9amd64python-pil.imagetk-dbg< 4.0.0-4+deb9u1python-pil.imagetk-dbg_4.0.0-4+deb9u1_amd64.deb
Debian10armhfpython-pil.imagetk< 5.4.1-2+deb10u1python-pil.imagetk_5.4.1-2+deb10u1_armhf.deb
Debian10s390xpython-pil-dbg< 5.4.1-2+deb10u1python-pil-dbg_5.4.1-2+deb10u1_s390x.deb
Debian10i386python-pil< 5.4.1-2+deb10u1python-pil_5.4.1-2+deb10u1_i386.deb
Debian9arm64python3-pil-dbg< 4.0.0-4+deb9u1python3-pil-dbg_4.0.0-4+deb9u1_arm64.deb
Debian10i386python3-pil< 5.4.1-2+deb10u1python3-pil_5.4.1-2+deb10u1_i386.deb
Debian10mipspython-pil.imagetk-dbg< 5.4.1-2+deb10u1python-pil.imagetk-dbg_5.4.1-2+deb10u1_mips.deb
Debian9s390xpython-pil-dbg< 4.0.0-4+deb9u1python-pil-dbg_4.0.0-4+deb9u1_s390x.deb
Debian10amd64python-pil.imagetk-dbg< 5.4.1-2+deb10u1python-pil.imagetk-dbg_5.4.1-2+deb10u1_amd64.deb
Rows per page:
1-10 of 1651

Related

fedora 4
nessus 57
openvas 28
ubuntu 1
mageia 1
freebsd 2
ibm 2
osv 25
debian 1
redhat 13
oraclelinux 5
amazon 2
f5 1
centos 3
redhatcve 5
alpinelinux 4
debiancve 6
ubuntucve 6
veracode 5
prion 6
github 6
cve 6
cnvd 1
almalinux 1
rocky 1
rosalinux 1
fedora
fedora
[SECURITY] Fedora 30 Update: python-pillow-5.4.1-4.fc30
2020-02-22 01:16:45
[SECURITY] Fedora 31 Update: python-pillow-6.2.2-1.fc31
2020-01-31 02:02:49
[SECURITY] Fedora 30 Update: python-pillow-5.4.1-3.fc30
2019-12-05 01:12:52
nessus
nessus
Debian DSA-4631-1 : pillow - security update
2020-02-24 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : Pillow vulnerabilities (USN-4272-1)
2020-02-07 00:00:00
FreeBSD : Pillow -- Multiple vulnerabilities (0700e76c-3eb0-11ea-8478-3085a9a95629)
2020-01-27 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0088)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-4272-1)
2020-02-07 00:00:00
Fedora: Security Advisory for python-pillow (FEDORA-2020-5cdbb19cca)
2020-02-22 00:00:00
ubuntu
ubuntu
Pillow vulnerabilities
2020-02-06 00:00:00
mageia
mageia
Updated python-pillow packages fix security vulnerabilities
2020-02-18 17:05:53
freebsd
freebsd
Pillow -- Multiple vulnerabilities
2019-12-19 00:00:00
Pillow -- Allocation of resources without limits or throttling
2019-09-24 00:00:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in Pillow shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers
2020-05-20 00:04:07
Security Bulletin: A security vulnerability has been identified in Pillow shipped with PowerAI.
2020-01-10 19:15:13
osv
osv
pillow - security update
2020-01-06 00:00:00
pillow - security update
2020-02-21 00:00:00
Uncontrolled Resource Consumption in Pillow
2020-04-01 16:36:44
debian
debian
[SECURITY] [DLA 2057-1] pillow security update
2020-01-06 16:51:36
redhat
redhat
(RHSA-2020:0566) Important: python-pillow security update
2020-02-20 21:57:19
(RHSA-2020:0580) Important: python-pillow security update
2020-02-24 12:25:31
(RHSA-2020:0578) Important: python-pillow security update
2020-02-24 12:10:47
oraclelinux
oraclelinux
python-pillow security update
2020-02-25 00:00:00
python-pillow security update
2020-10-06 00:00:00
python-imaging security update
2020-03-19 00:00:00
amazon
amazon
Important: python-pillow
2020-04-20 20:47:00
Medium: python-pillow
2020-10-22 18:36:00
f5
f5
K16213320 : Python Pillow vulnerabilities CVE-2020-5312 and CVE-2020-5313
2021-04-28 00:00:00
centos
centos
python security update
2020-02-26 17:13:51
python security update
2020-10-20 18:49:16
python security update
2020-03-25 19:22:40
redhatcve
redhatcve
CVE-2019-19911
2020-01-09 19:09:03
CVE-2020-5311
2020-01-09 19:09:04
CVE-2019-16865
2019-11-19 14:07:26
alpinelinux
alpinelinux
CVE-2019-19911
2020-01-05 22:15:00
CVE-2020-5311
2020-01-03 01:15:00
CVE-2020-5313
2020-01-03 01:15:00
debiancve
debiancve
CVE-2019-19911
2020-01-05 22:15:00
CVE-2020-5311
2020-01-03 01:15:00
CVE-2019-16865
2019-10-04 22:15:00
ubuntucve
ubuntucve
CVE-2019-19911
2020-01-05 00:00:00
CVE-2020-5311
2020-01-03 00:00:00
CVE-2019-16865
2019-10-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-01-06 02:51:37
Denial Of Service (DoS)
2020-01-06 03:50:25
Denial Of Service (DoS)
2019-10-07 02:59:57
prion
prion
Design/Logic Flaw
2020-01-05 22:15:00
Buffer overflow
2020-01-03 01:15:00
Code injection
2019-10-04 22:15:00
github
github
Uncontrolled Resource Consumption in Pillow
2020-04-01 16:36:44
DOS attack in Pillow when processing specially crafted image files
2019-10-22 14:40:42
Buffer Copy without Checking Size of Input in Pillow
2022-05-24 17:05:33
cve
cve
CVE-2019-19911
2020-01-05 22:15:00
CVE-2020-5311
2020-01-03 01:15:00
CVE-2019-16865
2019-10-04 22:15:00
cnvd
cnvd
Pillow has an unspecified vulnerability
2019-11-20 00:00:00
almalinux
almalinux
Important: python-pillow security update
2020-07-28 13:17:06
rocky
rocky
python-pillow security update
2020-07-28 13:17:06
rosalinux
rosalinux
Advisory ROSA-SA-2021-1957
2021-07-02 18:03:40

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON
Related for DEBIAN:DSA-4631-1:EFD0A
fedora4nessus57openvas28ubuntu1mageia1freebsd2ibm2osv25debian1redhat13oraclelinux5amazon2f51centos3redhatcve5alpinelinux4debiancve6ubuntucve6veracode5prion6github6cve6cnvd1almalinux1rocky1rosalinux1