Number of vulnerabilities: 1
Universal components / Libraries / Libraries used by multiple products
Vendor: Alex Clark and Contributors
This security bulletin contains one medium risk vulnerability.
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect resource management when processing invalid images in Pillow. A remote attacker can trigger resource exhaustion with a specially crafted image file and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Pillow: 6.0.0 - 6.1.0
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?