CVE-2019-19911

Priority
Description
There is a DoS vulnerability in Pillow before 6.2.2 caused by
FpxImagePlugin.py calling the range function on an unvalidated 32-bit
integer if the number of bands is large. On Windows running 32-bit Python,
this results in an OverflowError or MemoryError due to the 2 GB limit.
However, on Linux running 64-bit Python this results in the process being
terminated by the OOM killer.
Notes
Package
Upstream:released (7.0.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (2.3.0-1ubuntu3.4+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):released (3.1.2-0ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.1.0-1ubuntu0.2)
Ubuntu 19.10 (Eoan Ermine):released (6.1.0-1ubuntu0.2)
Ubuntu 20.04 (Focal Fossa):released (7.0.0-4)
Patches:
Upstream:https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d
More Information

Updated: 2020-02-07 13:15:35 UTC (commit 9668d5ee82105b27f4ad8ac6f53a5ff5f7a9dad0)