Alerts This Week
Warning Icon 1 1,375
Alerts This Week
Warning Icon 1 1,375

Debian: DSA-4631-1 Moderate: Pillow DoS and Code Execution Risks

debian
Calendar Grey February 21, 2020
Debian Logo
Several vulnerabilities identified in Pillow could allow for possible Denial of Service attacks and unauthorized remote code execution; all users are advised to update immediately.
Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed P...

Summary

Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service and potentially the
execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images
are processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 4.0.0-4+deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 5.4.1-2+deb10u1.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/pillow

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Package: pillow
CVE ID: CVE-2019-16865 CVE-2019-19911 CVE-2020-5311

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here