CVSS3: 9.8 High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS2: 7.5 High
AV:N/AC:L/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.01 Low (Percentile: 83.2%)

Pillow developers report:

This release addresses several security problems, as well as addressing CVE-2019-19911.

CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fixed by limiting the number of bands to those usable by Pillow.

Buffer overruns were found when processing an SGI, PCX or FLI image. Checks have been added to prevent this.

Overflow checks have been added when calculating the size of a memory block to be reallocated in the processing of a TIFF image.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py27-pillow | < 6.2.2 | UNKNOWN |
FreeBSD | any | noarch | py35-pillow | < 6.2.2 | UNKNOWN |
FreeBSD | any | noarch | py36-pillow | < 6.2.2 | UNKNOWN |
FreeBSD | any | noarch | py37-pillow | < 6.2.2 | UNKNOWN |
FreeBSD | any | noarch | py38-pillow | < 6.2.2 | UNKNOWN |