FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Pillow -- Allocation of resources without limits or throttling

Affected packages
py27-pillow < 6.2.0
py35-pillow < 6.2.0
py36-pillow < 6.2.0
py37-pillow < 6.2.0

Details

VuXML ID: 998ca824-ef55-11e9-b81f-3085a9a95629
Discovery: 2019-09-24
Entry: 2019-10-15

Mitre reports:

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

References

CVE Name: CVE-2019-16865
FreeBSD PR: ports/241268
URL: https://github.com/python-pillow/Pillow/issues/4123