CVE-2019-19911

2020-01-0500:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

61.5%

JSON

There is a DoS vulnerability in Pillow before 6.2.2 caused by
FpxImagePlugin.py calling the range function on an unvalidated 32-bit
integer if the number of bands is large. On Windows running 32-bit Python,
this results in an OverflowError or MemoryError due to the 2 GB limit.
However, on Linux running 64-bit Python this results in the process being
terminated by the OOM killer.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchpillow< 5.1.0-1ubuntu0.2UNKNOWN
ubuntu19.10noarchpillow< 6.1.0-1ubuntu0.2UNKNOWN
ubuntu14.04noarchpillow< 2.3.0-1ubuntu3.4+esm1UNKNOWN
ubuntu16.04noarchpillow< 3.1.2-0ubuntu1.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	pillow	< 5.1.0-1ubuntu0.2	UNKNOWN
ubuntu	19.10	noarch	pillow	< 6.1.0-1ubuntu0.2	UNKNOWN
ubuntu	14.04	noarch	pillow	< 2.3.0-1ubuntu3.4+esm1	UNKNOWN
ubuntu	16.04	noarch	pillow	< 3.1.2-0ubuntu1.3	UNKNOWN