
Vulnerability of Pillow: denial of service via FpxImagePlugin.py

Summary of the vulnerability

An attacker can trigger a fatal error via FpxImagePlugin.py of Pillow, in order to trigger a denial of service.
Vulnerable products: Debian, Solaris, Ubuntu.
Severity of this weakness: 2/4.
Creation date: 06/01/2020.
References of this bulletin: CVE-2019-19911, DLA-2057-1, DSA-4631-1, USN-4272-1, VIGILANCE-VUL-31260.

Description of the vulnerability 

An attacker can trigger a fatal error via FpxImagePlugin.py of Pillow, in order to trigger a denial of service.

This cybersecurity vulnerability impacts software or systems such as Debian, Solaris, Ubuntu.

Our Vigil@nce team determined that the severity of this vulnerability is medium.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

Debian 8: new pillow packages.
New packages are available:
  Debian 8: pillow 2.6.1-2+deb8u4

Debian 9/10: new pillow packages.
New packages are available:
  Debian 9: pillow 4.0.0-4+deb9u1
  Debian 10: pillow 5.4.1-2+deb10u1

Oracle Solaris: patch for third party software of January 2020 v3.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Ubuntu: new python-pil packages.
New packages are available:
  Ubuntu 19.10: python-pil 6.1.0-1ubuntu0.2, python3-pil 6.1.0-1ubuntu0.2
  Ubuntu 18.04 LTS: python-pil 5.1.0-1ubuntu0.2, python3-pil 5.1.0-1ubuntu0.2
  Ubuntu 16.04 LTS: python-pil 3.1.2-0ubuntu1.3, python3-pil 3.1.2-0ubuntu1.3
  Ubuntu 14.04 ESM: python-pil 2.3.0-1ubuntu3.4+esm1, python3-pil 2.3.0-1ubuntu3.4+esm1
