Vulnerability CVE-2019-16865 was found in a Pillow package
CVEID: CVE-2019-16865
**DESCRIPTION:** An issue was discovered in Pillow versions before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168592 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM PowerAI | 1.5.4 |
Container images with the iFix for the above vulnerability, shipped with PowerAI 1.5.4, are published at
https://hub.docker.com/r/ibmcom/powerai
Execute the following commands on the system where Docker is installed:
docker pull ibmcom/powerai:<tag>
docker run -ti --env LICENSE=yes ibmcom/powerai:<tag> bash
Where <tag> is a 1.5.4 specific tag. Available image tags can be found at:
<https://hub.docker.com/r/ibmcom/powerai/tags>
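To check which Pillow an environment actually carries, the following added example (not part of the original bulletin or of IBM's tooling) audits `pip freeze` style output against the 6.2.0 boundary given in the description. The function names and the sample lines are constructed for illustration, and the check assumes the version string reflects the fix: a build that backports the patch without changing its version would still be flagged.

```python
import re

FIXED = (6, 2, 0)  # advisory text: Pillow versions before 6.2.0 are affected

# Constructed sample of `pip freeze` output; not taken from any real image.
SAMPLE_FREEZE = """\
numpy==1.16.4
Pillow==6.1.0
pillow == 6.2.0
PILLOW==5.4.1.post1
Pillow==6.2.0rc1
Pillow @ file:///tmp/example/Pillow.whl
"""

def parse_release(version):
    """Return (release_tuple, is_prerelease), or None if no numeric release is found."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        return None
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # "6.2" compares like "6.2.0"
    pre = bool(re.match(r"[._-]?(a|b|rc|dev)\d*", m.group(2), re.I))
    return release, pre

def is_affected(version):
    """True if before 6.2.0, False if 6.2.0 or later, None if undecidable."""
    parsed = parse_release(version)
    if parsed is None:
        return None
    release, pre = parsed
    # A pre-release of 6.2.0 itself sorts before the fixed release.
    return release < FIXED or (release == FIXED and pre)

def audit_freeze(text):
    """Return [(line, status)] for every Pillow entry in pip-freeze style text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$", line)
        # Package names compare case-insensitively, with -, _ and . equivalent.
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "pillow":
            continue
        pin = re.match(r"===?\s*([^\s;,]+)$", m.group(2))  # exact pins only
        verdict = is_affected(pin.group(1)) if pin else None
        status = {True: "affected", False: "ok", None: "unknown"}[verdict]
        findings.append((line, status))
    return findings

if __name__ == "__main__":
    for entry, status in audit_freeze(SAMPLE_FREEZE):
        print(f"{status:8} {entry}")
```

Entries without an exact pin, such as direct file or URL references, are reported as unknown and need the version read from the installed package itself.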
None
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm powerai | eq | 1.5.4 |