VulnerableCode Vulnerability Details - VCID-k5y7-tajh-sbdf

Search for vulnerabilities

Vulnerability details: VCID-k5y7-tajh-sbdf

Essentials
Severities (0)
References (4)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-k5y7-tajh-sbdf
Aliases	PYSEC-2020-191
Summary	There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
Status	Published
Exploitability	0.5
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
		https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
		https://usn.ubuntu.com/4272-1/
		https://www.debian.org/security/2020/dsa-4631

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-08-01T08:35:08.183041+00:00	PyPI Importer	Import	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	37.0.0