An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
References:
https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
http://www.cvedetails.com/cve/CVE-2019-16865/
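The failure mode described above (unbounded memory or decode time on a crafted file) can be contained by decoding untrusted images in a child process under kernel-enforced limits. This is an added example, not part of the original report or of Pillow's code; the limit values and the names `run_limited` and `image_is_decodable` are assumptions, and it relies on POSIX `setrlimit`.

```python
import resource
import subprocess
import sys

# Assumed limits; tune them to the images the service legitimately handles.
MAX_ADDRESS_SPACE = 1024 ** 3   # 1 GiB of virtual memory for the decoder
MAX_CPU_SECONDS = 2             # CPU time before the kernel signals the child
WALL_TIMEOUT = 10               # wall-clock backstop, in seconds

# Child program: fully decode the file named in argv[1] with Pillow.
DECODE_SNIPPET = (
    "import sys\n"
    "from PIL import Image\n"
    "with Image.open(sys.argv[1]) as im:\n"
    "    im.load()\n"
)


def _cap(kind, value):
    # Never ask for more than the hard limit the parent already runs under.
    _, hard = resource.getrlimit(kind)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))


def _apply_limits():
    # Runs in the child between fork and exec (POSIX only).
    _cap(resource.RLIMIT_AS, MAX_ADDRESS_SPACE)
    _cap(resource.RLIMIT_CPU, MAX_CPU_SECONDS)


def run_limited(snippet, *args):
    """Run Python source in a limited child; return 'ok', 'failed' or 'killed'."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", snippet, *args],
            preexec_fn=_apply_limits,
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            timeout=WALL_TIMEOUT,
        )
    except subprocess.TimeoutExpired:
        return "killed"
    if proc.returncode == 0:
        return "ok"
    # A negative code means a signal ended the child (e.g. SIGXCPU).
    return "killed" if proc.returncode < 0 else "failed"


def image_is_decodable(path):
    """True only if Pillow decodes the file within the memory and CPU limits."""
    return run_limited(DECODE_SNIPPET, path) == "ok"
```

A memory-limit hit surfaces as `failed` (a `MemoryError` in the child), a CPU-limit hit as `killed`; in both cases the parent process keeps running.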
Created python-pillow tracking bugs for this issue: Affects: fedora-all [bug 1774067]
Created python-pillow tracking bugs for this issue: Affects: openstack-rdo [bug 1774069]
Reference:
https://github.com/python-pillow/Pillow/issues/4123
Upstream fixes:
https://github.com/python-pillow/Pillow/commit/b36c1bc943d554ba223086c7efb502d080f73905
https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a
https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5
https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:0566 https://access.redhat.com/errata/RHSA-2020:0566
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-16865
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:0580 https://access.redhat.com/errata/RHSA-2020:0580
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:0578 https://access.redhat.com/errata/RHSA-2020:0578