7.5
CVE-2019-16865
- EPSS 3.15%
- Veröffentlicht 04.10.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:31:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.15% | 0.863 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://access.redhat.com/errata/RHSA-2020:0566
https://access.redhat.com/errata/RHSA-2020:0578
https://access.redhat.com/errata/RHSA-2020:0580
https://access.redhat.com/errata/RHSA-2020:0681
https://access.redhat.com/errata/RHSA-2020:0683
https://access.redhat.com/errata/RHSA-2020:0694
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
https://usn.ubuntu.com/4272-1/
https://www.debian.org/security/2020/dsa-4631