{"api_version":"1","generated_at":"2026-04-23T02:14:31+00:00","cve":"CVE-2019-16865","urls":{"html":"https://cve.report/CVE-2019-16865","api":"https://cve.report/api/cve/CVE-2019-16865.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-16865","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-16865"},"summary":{"title":"CVE-2019-16865","description":"An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-10-04 22:15:00","updated_at":"2023-11-07 03:06:00"},"problem_types":["CWE-770"],"metrics":[],"references":[{"url":"https://access.redhat.com/errata/RHSA-2020:0683","name":"RHSA-2020:0683","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:0681","name":"RHSA-2020:0681","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/","name":"FEDORA-2019-19a161d540","refsource":"","tags":[],"title":"[SECURITY] Fedora 30 Update: python-pillow-5.4.1-3.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html","name":"https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"6.2.0 — Pillow (PIL Fork) 7.0.0.dev0 documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:0580","name":"RHSA-2020:0580","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:0566","name":"RHSA-2020:0566","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:0578","name":"RHSA-2020:0578","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:0694","name":"RHSA-2020:0694","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/","name":"FEDORA-2019-19a161d540","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 30 Update: python-pillow-5.4.1-3.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2020/dsa-4631","name":"DSA-4631","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4631-1 pillow","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/","name":"FEDORA-2019-e7c83bdf19","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 31 Update: python-pillow-6.1.0-4.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4272-1/","name":"USN-4272-1","refsource":"UBUNTU","tags":[],"title":"USN-4272-1: Pillow vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/","name":"FEDORA-2019-e7c83bdf19","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: python-pillow-6.1.0-4.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-16865","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16865","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"16865","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"16865","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"16865","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"16865","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"16865","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"pillow","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"16865","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"pillow","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-16865","qid":"296076","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 19.3.0 Missing (CPUJAN2020)"},{"cve":"CVE-2019-16865","qid":"377249","title":"Alibaba Cloud Linux Security Update for python-pillow (ALINUX2-SA-2020:0024)"},{"cve":"CVE-2019-16865","qid":"377325","title":"Alibaba Cloud Linux Security Update for python-pillow (ALINUX3-SA-2022:0012)"},{"cve":"CVE-2019-16865","qid":"981640","title":"Python (pip) Security Update for pillow (GHSA-j7mj-748x-7p78)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-16865","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html","refsource":"MISC","name":"https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html"},{"refsource":"FEDORA","name":"FEDORA-2019-e7c83bdf19","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/"},{"refsource":"FEDORA","name":"FEDORA-2019-19a161d540","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/"},{"refsource":"UBUNTU","name":"USN-4272-1","url":"https://usn.ubuntu.com/4272-1/"},{"refsource":"REDHAT","name":"RHSA-2020:0566","url":"https://access.redhat.com/errata/RHSA-2020:0566"},{"refsource":"DEBIAN","name":"DSA-4631","url":"https://www.debian.org/security/2020/dsa-4631"},{"refsource":"REDHAT","name":"RHSA-2020:0580","url":"https://access.redhat.com/errata/RHSA-2020:0580"},{"refsource":"REDHAT","name":"RHSA-2020:0578","url":"https://access.redhat.com/errata/RHSA-2020:0578"},{"refsource":"REDHAT","name":"RHSA-2020:0681","url":"https://access.redhat.com/errata/RHSA-2020:0681"},{"refsource":"REDHAT","name":"RHSA-2020:0683","url":"https://access.redhat.com/errata/RHSA-2020:0683"},{"refsource":"REDHAT","name":"RHSA-2020:0694","url":"https://access.redhat.com/errata/RHSA-2020:0694"}]}},"nvd":{"publishedDate":"2019-10-04 22:15:00","lastModifiedDate":"2023-11-07 03:06:00","problem_types":["CWE-770"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"16865","Ordinal":"156587","Title":"CVE-2019-16865","CVE":"CVE-2019-16865","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"16865","Ordinal":"1","NoteData":"An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"16865","Ordinal":"2","NoteData":"2019-10-04","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"16865","Ordinal":"3","NoteData":"2020-03-12","Type":"Other","Title":"Modified"}]}}}