VulnerableCode Vulnerability Details - VCID-f18b-bjaq-nkb1

Search for vulnerabilities

Vulnerability details: VCID-f18b-bjaq-nkb1

Essentials
Severities (0)
References (11)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-f18b-bjaq-nkb1
Aliases	PYSEC-2019-40
Summary	An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Status	Published
Exploitability	0.5
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2020:0566
		https://access.redhat.com/errata/RHSA-2020:0578
		https://access.redhat.com/errata/RHSA-2020:0580
		https://access.redhat.com/errata/RHSA-2020:0681
		https://access.redhat.com/errata/RHSA-2020:0683
		https://access.redhat.com/errata/RHSA-2020:0694
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
		https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
		https://usn.ubuntu.com/4272-1/
		https://www.debian.org/security/2020/dsa-4631

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-08-01T08:34:48.835403+00:00	PyPI Importer	Import	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	37.0.0